Issue No. 06 - November (1978 vol. 4)
R.B. Kieburtz , Department of Computer Science, State University of New York
The use of capabilities to control the access of component programs to resources in an operating system is an attractive means by which to provide a uniform protection mechanism. In this paper, a capability is defined as an abstract encapsulation of the data needed to define access to a protected object. We do not assume that capability checking is necessarily concentrated in a protection kernel, nor that capabilities to different types of objects are all of the same degree of complexity. We explore a language-based capability mechanism in which protection environments are established by declaration, enforcement protocols are automatically produced by a compiler, and access control policy is clearly placed in the hands of the system designer. The basic mechanism introduced is a program component called a capability manager that is an extension of the monitor concept. It can be used to realize most of the facilities associated with kernel-based capabilities, including preemptive revocation.
revocation, Access control, capability, exception handling, manager, monitor, protection, resource allocation
R. Kieburtz and A. Silberschatz, "Capability Managers," in IEEE Transactions on Software Engineering, vol. 4, no. , pp. 467-477, 1978.