Title :
New methods for immediate revocation
Author_Institution :
Digital Equipment Corp., Boxborough, MA
Abstract :
The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. The proposed techniques are much simpler to implement and more efficient in operation than previous revocation techniques and are therefore more appropriate for implementation in a security kernel, where simplicity of design is crucial. Furthermore, both techniques are particularly appropriate for RISC (reduced-instruction-set computer) implementations where translation buffer misses are handled in software. However, the techniques are very dependent on the particular style of memory management available on the underlying hardware. It is concluded that, with these techniques, user requirements for immediate revocation can be easily met in any operating system on security kernel design
Keywords :
operating systems (computers); security of data; RISC; access control list; access rights; algorithms; capability-based systems; chaining; event counts; hardware; immediate revocation; memory management; operating system; reduced-instruction-set computer; security kernel design; software; translation buffer misses; unshared page tables; user requirements; Access control; Algorithm design and analysis; Engineering education; Invasive software; Operating systems; Permission; Space charge; Trademarks; Voice mail;
Conference_Titel :
Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-1939-2
DOI :
10.1109/SECPRI.1989.36276
