School of Computer Science & Engineering
University of New South Wales
Advanced Operating Systems
COMP9242 2002/S2
Represent row-wise: capabilities
- Capability list associated with agent.
- Each capability confers a certain right to its holder.
- Propagation: copy capabilities between agents (how?)
- Restriction: lesser rights require new ("derived") capabilities
- Revocation: requires invalidation of capabilities from all agents
- Amplification: special invocation capability.
- Accessibility: requires inspection of all capability lists (how?)
- Protection domain: explicit in capability list.
- Can have negative rights, to:
  - reduce "window of vulnerability",
  - simplify management of groups of capabilities.
- Successful commercial system: IBM System/38 et fils [Sol97]
- Popular among research distributed OS.
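
The following is an added example, not part of the original slides: a minimal Python model of the row-wise representation, showing why an access check touches only the agent's own list while accessibility and revocation must walk every list. All names (`CapSystem`, `grant`, `propagate`, `who_can_access`, `revoke`) are assumptions of this sketch, and the lists are assumed to be held by a trusted reference monitor so agents cannot forge entries.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Capability:
    obj: str            # object the capability names
    rights: frozenset   # rights it confers on its holder

class CapSystem:
    """Access matrix stored row-wise: one capability list per agent."""
    def __init__(self):
        self.clists = {}    # agent -> list of Capability (that agent's row)

    def grant(self, agent, obj, rights):
        cap = Capability(obj, frozenset(rights))
        self.clists.setdefault(agent, []).append(cap)
        return cap

    def allowed(self, agent, obj, right):
        # The check reads only the agent's own list: the protection domain is explicit.
        return any(c.obj == obj and right in c.rights
                   for c in self.clists.get(agent, []))

    def propagate(self, src, dst, cap, rights=None):
        # Propagation copies a held capability; restriction creates a new,
        # derived capability whose rights are a subset of the original's.
        if cap not in self.clists.get(src, []):
            raise PermissionError("source does not hold this capability")
        new_rights = cap.rights if rights is None else frozenset(rights)
        if not new_rights <= cap.rights:
            raise PermissionError("a derived capability cannot add rights")
        derived = Capability(cap.obj, new_rights)
        self.clists.setdefault(dst, []).append(derived)
        return derived

    def who_can_access(self, obj):
        # Accessibility: no per-object index exists, so scan every list.
        holders = {}
        for agent, clist in self.clists.items():
            for c in clist:
                if c.obj == obj:
                    holders[agent] = holders.get(agent, frozenset()) | c.rights
        return holders

    def revoke(self, obj):
        # Revocation: invalidate the object's capabilities in all agents' lists.
        removed = 0
        for agent, clist in self.clists.items():
            kept = [c for c in clist if c.obj != obj]
            removed += len(clist) - len(kept)
            self.clists[agent] = kept
        return removed
```

Both `who_can_access` and `revoke` cost time proportional to the total number of capabilities in the system, which is the price of storing the matrix by rows. Amplification and negative rights are not modelled here.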
Gernot Heiser
2002-08-15