This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Capability Managers
November 1978 (vol. 4 no. 6)
pp. 467-477
R.B. Kieburtz, Department of Computer Science, State University of New York
The use of capabilities to control the access of component programs to resources in an operating system is an attractive means by which to provide a uniform protection mechanism. In this paper, a capability is defined as an abstract encapsulation of the data needed to define access to a protected object. We do not assume that capability checking is necessarily concentrated in a protection kernel, nor that capabilities to different types of objects are all of the same degree of complexity. We explore a language-based capability mechanism in which protection environments are established by declaration, enforcement protocols are automatically produced by a compiler, and access control policy is clearly placed in the hands of the system designer. The basic mechanism introduced is a program component called a capability manager that is an extension of the monitor concept. It can be used to realize most of the facilities associated with kernel-based capabilities, including preemptive revocation.
Index Terms:
revocation, Access control, capability, exception handling, manager, monitor, protection, resource allocation
Citation:
R.B. Kieburtz, A. Silberschatz, "Capability Managers," IEEE Transactions on Software Engineering, vol. 4, no. 6, pp. 467-477, Nov. 1978, doi:10.1109/TSE.1978.233870
Usage of this product signifies your acceptance of the Terms of Use.