Revocation of access rights: questions to settle are whether revocations are to be performed
- Immediately or after a delay
- For all users or for a selective group
- For all rights or only for partial rights
- Temporarily or permanently
Revocation removes access rights for an object that were given to a user/domain.
Easy with a global table or access list: search the list for the object and remove the entry.
Capabilities are distributed throughout the system, so every copy must be found and destroyed, which is difficult. Schemes for revoking capabilities:
- Expiry Time: capabilities expire after a time and a new one must be requested; the request is refused if the rights have been revoked (revocation therefore takes effect with a delay of at most the lifetime)
- Back pointers: each object maintains pointers to all capabilities issued for it, so they can be found and destroyed; costly to implement, particularly if capabilities are passed around as parameters
- Indirect Capabilities: the capability points to a table entry which in turn points to the object; invalidating the entry revokes every capability that goes through it, so there is no selective revocation
- Keys: the capability contains an encrypted key that is checked by the object; changing the key in the object revokes every outstanding capability, so again there is no selective revocation
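The following is an added example, not code from the lecture notes, that models the revocation schemes listed above in Python so their trade-offs can be observed: an access list (selective and immediate), expiry-time capabilities (selective, but delayed until the capability expires), indirect capabilities (immediate, but not selective) and keyed capabilities (immediate, not selective). All class and function names are hypothetical; the "encrypted key" of the key scheme is modelled here as an HMAC tag computed under the object's secret key, which is an assumption about one possible realisation.

```python
"""Toy models of capability revocation schemes (added example, hypothetical names)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


# ---- Baseline: access list. Revocation is a selective, immediate table edit.
class AccessList:
    def __init__(self):
        self.acl = {}                                   # obj_id -> {holder: rights}

    def grant(self, obj_id, holder, rights):
        self.acl.setdefault(obj_id, {})[holder] = set(rights)

    def revoke(self, obj_id, holder):
        self.acl.get(obj_id, {}).pop(holder, None)       # only this holder loses access

    def check(self, obj_id, holder, right):
        return right in self.acl.get(obj_id, {}).get(holder, set())


# ---- Scheme 1: expiry time. Revocation only bites when renewal is refused.
@dataclass(frozen=True)
class TimedCap:
    obj_id: str
    holder: str
    rights: frozenset
    expires_at: float


class ExpiringIssuer:
    def __init__(self, lifetime=60.0):
        self.lifetime = lifetime
        self.revoked = set()                            # (obj_id, holder) pairs

    def issue(self, obj_id, holder, rights, now=None):
        now = time.time() if now is None else now
        if (obj_id, holder) in self.revoked:
            return None                                 # renewal refused after revocation
        return TimedCap(obj_id, holder, frozenset(rights), now + self.lifetime)

    def revoke(self, obj_id, holder):
        self.revoked.add((obj_id, holder))              # outstanding caps stay valid until expiry

    def check(self, cap, right, now=None):
        now = time.time() if now is None else now
        return now < cap.expires_at and right in cap.rights


# ---- Scheme 2: indirect capabilities. The capability is just a table entry id.
class IndirectionTable:
    def __init__(self):
        self.entries = {}                               # entry_id -> (obj_id, rights) or None

    def grant(self, obj_id, rights):
        entry_id = len(self.entries)
        self.entries[entry_id] = (obj_id, frozenset(rights))
        return entry_id                                 # copies handed to others share this id

    def invalidate(self, entry_id):
        self.entries[entry_id] = None                   # every holder of the id loses access

    def check(self, entry_id, right):
        entry = self.entries.get(entry_id)
        return entry is not None and right in entry[1]


# ---- Scheme 3: keys. The object verifies a tag under its current secret key.
class KeyedObject:
    def __init__(self, obj_id):
        self.obj_id = obj_id
        self.key = secrets.token_bytes(32)

    def _tag(self, rights):
        msg = (self.obj_id + "|" + ",".join(sorted(rights))).encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, rights):
        rights = frozenset(rights)
        return (self.obj_id, rights, self._tag(rights))  # capability carries the tag

    def change_key(self):
        self.key = secrets.token_bytes(32)              # invalidates all outstanding capabilities

    def check(self, cap, right):
        obj_id, rights, tag = cap
        return (obj_id == self.obj_id and right in rights
                and hmac.compare_digest(tag, self._tag(rights)))


if __name__ == "__main__":
    tbl = IndirectionTable()
    shared = tbl.grant("file1", {"read"})               # alice passes the same id to bob
    tbl.invalidate(shared)
    print("indirect cap after invalidation:", tbl.check(shared, "read"))
```

The expiry scheme is tested with an explicit `now` argument so the delay between revocation and loss of access is visible without waiting; in the key scheme a forged or stale tag fails `hmac.compare_digest`, which is the check the object relies on once the key has been changed.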
Omer F Rana
Sun Feb 16 17:49:18 GMT 1997