This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
On Access Checking in Capability-Based Systems
February 1987 (vol. 13 no. 2)
pp. 202-207
R.Y. Kain, Department of Electrical Engineering, University of Minnesota
Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying. A system using such a rule cannot enforce either the military security policy or the Bell and LaPadula rules. The paper shows why this problem arises and provides a taxonomy of capability-based designs. Within the space of design options defined by the taxonomy we identify a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.
Index Terms:
taxonomy, Access control, capabilities, capability-based architectures, security policy, *
Citation:
R.Y. Kain, C.E. Landwehr, "On Access Checking in Capability-Based Systems," IEEE Transactions on Software Engineering, vol. 13, no. 2, pp. 202-207, Feb. 1987, doi:10.1109/TSE.1987.232892
Usage of this product signifies your acceptance of the Terms of Use.