Title :
Extended discretionary access controls
Author :
Vinter, Stephen T.
Author_Institution :
BBN Lab., Cambridge, MA, USA
Abstract :
A discretionary access control mechanism proposed for a secure distributed operating system (DOS) being designed at BBN Laboratories is presented. The DOS is an object-oriented system that uses access control lists to authorize access to objects. Discretionary controls are implemented in a type-specific manner inside the managers of objects. Several extensions to conventional access control lists are proposed, including a limited form of privilege transfer, module interconnection control, support for direct operations roles, and restricted roles. A technique for automatically generating access control implementations is presented that is based on nonprocedural specifications, and an implementation approach is proposed that allows the generated code to be embedded with high assurance in untrusted object managers using hardware protection rings. The concepts and mechanisms are illustrated with a simple banking example.
Keywords :
distributed processing; operating systems (computers); security of data; access control lists; banking; direct operations roles; discretionary access control mechanism; hardware protection rings; high assurance; module interconnection control; nonprocedural specifications; object-oriented system; privilege transfer; restricted roles; secure distributed operating system; type-specific manner; untrusted object managers; Access control; Authentication; Authorization; Hardware; Humans; Laboratories; Operating systems; Programming profession; Protection; Security;
Conference_Title :
Security and Privacy, 1988. Proceedings., 1988 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-0850-1
DOI :
10.1109/SECPRI.1988.8096