[CSE]  Advanced Operating Systems 
 COMP9242 2002/S2 
UNSW

PRINTER Printer-Friendly Version
Administration               
- Notices
- Course Intro
- Consultations
# On-line Survey (closed)
- Survey Results
 
Work
- Lectures
- Milestone 0
- Project Admin
- Project Spec
- Project FAQ
- Exam
 
Documentation
- ASysT Lab
- L4 source browser
- Sulima ISA Simulator
R4x00 ISA Summary 
MIPS R4700 ReferenceMIPS R4000 User Manual 
- Network Driver
- GT64111
 
Related Info
- Aurema OS Prize
- OS Hall of Fame
 
History
- 2000
- 1999
- 1998
 
Staff
- Gernot Heiser (LiC)

 
Valid HTML 4.0!
next up previous
Next: Access matrix implementation: Capabilities Up: 03-caps Previous: Issues for Protection System

Access matrix implementation: ACLs


Represent column-wise: access control list (ACL):
  • ACL associated with object.
    • Propagation: meta-right (e.g., owner can chmod)
    • Restriction: meta-right
    • Revocation: meta-right
    • Amplification: protected-invocation right (e.g., setuid)
    • Accessibility: explicit in ACL
    • Protection domain: hard (if not impossible)
  • Usually condensed via domain classes (UNIX groups)
  • Full ACLs used by Multics, Apollo Domain, Andrew FS, NT.
  • Can have negative rights, to:
    • reduce ``window of vulnerability'',
    • simplify exclusion from groups.
  • Sometimes implicit (process hierarchy).



Gernot Heiser 2002-08-15