School of Computer Science & Engineering
University of New South Wales
Advanced Operating Systems
COMP9242 2002/S2
next
up
previous
Next: Tagged Capabilities
Up: 03-caps
Previous: Access matrix implementation: Capabilities
- Main advantage of capabilities is the fine-grain access control:
- Easy to provide specific access to selected agents.
- Capability presents prima facie evidence of the right to
access:
- capability
==> object identifier (naming),
- capability
==> (set of) access rights,
- Any representation must contain object ID and
access rights.
- Any representation must protect capability from
forgery.
- How implemented and protected?
- tagged (protected by hardware),
- partitioned (protected by software),
- sparse (protected by obscurity).
Gernot Heiser
2002年08月15日
[an error occurred while processing this directive]