Advanced Operating Systems   COMP9242 2002/S2

UNSW

Printer-Friendly Version Administration                - Notices - Course Intro - Consultations # On-line Survey (closed) - Survey Results   Work - Lectures - Milestone 0 - Project Admin - Project Spec - Project FAQ - Exam   Documentation - ASysT Lab - L4 source browser - Sulima ISA Simulator - R4x00 ISA Summary  - MIPS R4700 Reference - MIPS R4000 User Manual  - Network Driver - GT64111   Related Info - Aurema OS Prize - OS Hall of Fame   History - 2000 - 1999 - 1998   Staff - Gernot Heiser (LiC)

Password capabilities Used in the Monash Password Capability System[APW86], Opal[CLFL94], Mungi[HEV$^+$98]. Properties of password capabilities Passwords must be protected (eavesdropping, Trojan horses). Separate passwords for different rights (good idea to package rights with caps). No encryption ==> easy to validate. Validation done by kernel on access or presentation and cached by MMU. Propagation easy, as capabilities are ``normal'' data. Restriction requires kernel to make new capability. Revocation done by kernel removing entry from object table. Amplification possible similar to AS/400. Accessibility is impossible to determine. Protection domain is known to kernel. Sparse capabilities summary Statistically secure (like encryption). Validation at mapping time ==> applications can use ``normal'' pointers. Validation may be slow, but kernel and MMU can cache. No kernel intervention required on most operations. Reference counting impossible to detect unaccessible objects.