Using Split Capabilities for Access Control

Alan H. Karp; Arindam Banerji; Rajiv Gupta; Guillermo J. Rozas

doi:10.1109/MS.2003.1159028

Software
2003
Issue No. 1 - January/February
Abstract - Using Split Capabilities for Access Control

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Alan H. Karp Articles by Rajiv Gupta Articles by Guillermo J. Rozas Articles by Arindam Banerji

Using Split Capabilities for Access Control

January/February 2003 (vol. 20 no. 1)

pp. 42-49

	ASCII Text	x
	Alan H. Karp, Rajiv Gupta, Guillermo J. Rozas, Arindam Banerji, "Using Split Capabilities for Access Control," IEEE Software, vol. 20, no. 1, pp. 42-49, January/February, 2003.

	BibTex	x
	@article{ 10.1109/MS.2003.1159028, author = {Alan H. Karp and Rajiv Gupta and Guillermo J. Rozas and Arindam Banerji}, title = {Using Split Capabilities for Access Control}, journal ={IEEE Software}, volume = {20}, number = {1}, issn = {0740-7459}, year = {2003}, pages = {42-49}, doi = {http://doi.ieeecomputersociety.org/10.1109/MS.2003.1159028}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Software TI - Using Split Capabilities for Access Control IS - 1 SN - 0740-7459 SP42 EP49 EPD - 42-49 A1 - Alan H. Karp, A1 - Rajiv Gupta, A1 - Guillermo J. Rozas, A1 - Arindam Banerji, PY - 2003 VL - 20 JA - IEEE Software ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MS.2003.1159028

The split-capabilities method offers improved scalability and revocation of privileges in controlling access to resources. Early releases of Hewlett-Packard?s e-speak product used this method to secure the system from a variety of common attacks. Split capabilities have the advantages of traditional capabilities without their limitations. The basic idea is to divide the capability into two parts: a handle to the resource being accessed and a handle to a separate resource representing the access rights being requested. Although such separation of name from authority is potentially problematic, this system brings these two elements together in the resource?s computing infrastructure.

Citation:

Alan H. Karp, Rajiv Gupta, Guillermo J. Rozas, Arindam Banerji, "Using Split Capabilities for Access Control," IEEE Software, vol. 20, no. 1, pp. 42-49, Jan.-Feb. 2003, doi:10.1109/MS.2003.1159028

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.