Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
JCS
2008
2008
Non-delegatable authorities in capability systems
We present a novel technique, known as the non-delegatable authority (NDA), for distributing authority to unconfined subjects in capability systems that prevents them from sharing the exact same authority that they have been given with anyone else. This feature is present in common systems based on access control lists (ACLs) in which one may hand out a permission without handing out the associated "grant" right, but has been thought to be impossible to express in capability systems until now. Consequently, we demonstrate that NDAs may be used to express ACL-like constructs and their basic pattern is directly applicable for implementing Multi-Level Security and identity-based access controls in the object-capability model. The extra complexity introduced by our NDA implementation can be hidden behind constructs that allow NDAs to be wielded as if they were ordinary capabilities to the target resource. These constructs cannot break the non-delegatability constraint and allow ...
Real-time TrafficRelated Content
| Added | 13 Dec 2010 |
| Updated | 13 Dec 2010 |
| Type | Journal |
| Year | 2008 |
| Where | JCS |
| Authors | Toby C. Murray, Duncan A. Grove |
Comments (0)
Researcher Info
|
