This Article 
 Bibliographic References 
 Add to: 
V.D. Gligor, Department of Computer Science, University of Maryland
The problems of review and revocation of access privileges are presented in the context of the systems that use capabilities for the long-term distribution of access privileges. An approach that solves both of these problems in their-most general form is presented in this paper. The approach requires that a capability propagation graph be maintained in memory spaces associated with subjects (e.g., domains, processes, etc.) that make copies of the respective capability; the graph remains inaccessible to those subjects, however. Parallel processes of the operating system update the graph as the system runs.
Index Terms:
type extension, Access control lists, access privilege, access review, capabilities, capability-propagation graph, fle systems, kernels, management policies, reference counts, selective revocation, shared objects, short capabilities
V.D. Gligor, "Review and Revocation of Access Privileges Distributed Through Capabilities," IEEE Transactions on Software Engineering, vol. 5, no. 6, pp. 575-586, Nov. 1979, doi:10.1109/TSE.1979.230193
Usage of this product signifies your acceptance of the Terms of Use.