Issue No. 01 - January/February (2003 vol. 20)
<p>The split-capabilities method offers improved scalability and revocation of privileges in controlling access to resources. Early releases of Hewlett-Packard?s e-speak product used this method to secure the system from a variety of common attacks. Split capabilities have the advantages of traditional capabilities without their limitations. The basic idea is to divide the capability into two parts: a handle to the resource being accessed and a handle to a separate resource representing the access rights being requested. Although such separation of name from authority is potentially problematic, this system brings these two elements together in the resource?s computing infrastructure.</p>
A. Banerji, R. Gupta, G. J. Rozas and A. H. Karp, "Using Split Capabilities for Access Control," in IEEE Software, vol. 20, no. , pp. 42-49, 2003.