Issue No.05 - September (1979 vol.5)
K. Ekanadham , Department of Computer Science, State University of New York
Protection in capability-based operating systems is comsidered. The concept of a conditional capability, which is a generalization of a conventional capability, is proposed. The conditional capability can only be exercised when certain conditions relating to the context of its use are satisfied. It is shown that such capabilities form a basis upon which features such as domains of protection, revocation, and type extension can be built. The implementation of these features can be isolated into sepuate modules thus leaving the basic protection module uncluttered and simplifying the overall structure of the system.
protection, Access control, capabilities, conditional capabilities, keys, locks, operating system
K. Ekanadham, A.J. Bernstein, "Conditional Capabilities", IEEE Transactions on Software Engineering, vol.5, no. 5, pp. 458-464, September 1979, doi:10.1109/TSE.1979.230184