Printer-Friendly
Version
|
Next: Access matrix implementation: Capabilities
Up: 03-caps
Previous: Issues for Protection System
Represent column-wise: access control list (ACL):
- ACL associated with object.
- Propagation: meta-right (e.g., owner can chmod)
- Restriction: meta-right
- Revocation: meta-right
- Amplification: protected-invocation right (e.g.,
setuid)
- Accessibility: explicit in ACL
- Protection domain: hard (if not impossible)
- Usually condensed via domain classes (UNIX groups)
- Full ACLs used by Multics, Apollo Domain, Andrew FS, NT.
- Can have negative rights, to:
- reduce ``window of vulnerability'',
- simplify exclusion from groups.
- Sometimes implicit (process hierarchy).
Gernot Heiser
2002-08-15
|