Printer-Friendly
Version
|
Next: Tagged Capabilities
Up: 03-caps
Previous: Access matrix implementation: Capabilities
- Main advantage of capabilities is the fine-grain access control:
- Easy to provide specific access to selected agents.
- Capability presents prima facie evidence of the right to
access:
- capability
==> object identifier (naming),
- capability
==> (set of) access rights,
- Any representation must contain object ID and
access rights.
- Any representation must protect capability from
forgery.
- How implemented and protected?
- tagged (protected by hardware),
- partitioned (protected by software),
- sparse (protected by obscurity).
Gernot Heiser
2002-08-15
|