Access control lists in capability environments

1982

Abstract

Two outstanding techniques for the construction of protection systems, i.e., capability lists and access control lists, are considered. After a brief comparison, emphasizing the most important behavioural differences, the problem of implementing access control lists in capability environments is examined with reference to a specific generalized capability architecture. An example of application (management of files) is considered in particular, which is well tailored to an access control list implementation. The application consists of a set of passive entities (files) to be preserved from unauthorized accesses. The active entities capable of making attempts at access are called the users of the file management system: each user holds a specific set of access privileges on each file. Implementation consists mainly of three components, namely File Manager, List Manager and Directory. The first implements the files in an unprotected fashion. The List Manager is responsible for the management and checking of access rights: its domain contains an access control list for each file. Finally, the Directory, acting as an interface between files and users, enforces verification of access rights. The central problem is how to allow the Directory to identify users in a secure fashion: the solution proposed is based on the utilization of the properties of pseudo-capabilities.
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
Access control lists
Capability environments
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/410343