Issue No. 05 - May (1986 vol. 12)
Krithivasan Ramamritham , Department of Computer and Information Science, University of Massachusetts, Amherst, MA 01003
David Stemple , Department of Computer and Information Science, University of Massachusetts, Amherst, MA 01003
David A. Briggs , Department of Mathematics and Computer Science, University of Southern Maine, Portland, ME 04104
Stephen Vinter , BBN Laboratories, Cambridge, MA 02238
Gutenberg is a port-based operating system being designed to study protection issues in distributed systems. In the Gutenberg system, all shared resources are viewed as protected objects and hence can be accessed only via specific operations defined on them. Processes communicate and access objects through the use of ports. Each port is associated with an abstract data type operation and can be created by a process only if the process has the capability to execute the operation on the type. Thus, a port represents the privilege of the port's client process to request a service (an abstract data type operation) provided by the port's server process (the type's manager). Capabilities to create ports for requesting operations are contained in a capability directory, which is navigated by processes to gain these capabilities. Privilege transfer is a means of providing servers access to the resources they need to perform their services. In Gutenberg, privilege transfer is accomplished by allowing access to subdirectories of the capability directory and by passing capabilities, including port access capabilities, to processes via ports. It should be possible to revoke transferred privileges when breaches of trust are detected or suspected, when a period of time has passed beyond which the distributor of a privilege does not want the privilege shared, or when an error has been detected. Transfer and revocation of privileges in Gutenberg is the subject of this paper. In particular, we describe the types of privileges in Gutenberg, discuss the mechanisms provided for the transfer and revocation of different types of privileges, and sketch the means for handling exceptions during privilege transfer.
Kernel, Servers, Bibliographies, Transient analysis, Abstracts, revocation, Interprocess communication, operating systems, privilege transfer, protection
K. Ramamritham, D. Stemple, D. A. Briggs and S. Vinter, "Privilege transfer and revocation in a port-based system," in IEEE Transactions on Software Engineering, vol. 12, no. , pp. 635-648, 1986.