• DocumentCode
    745935
  • Title

    On Access Checking in Capability-Based Systems

  • Author

    Kain, Richard Y. ; Landwehr, Carl E.

  • Author_Institution
    Department of Electrical Engineering, University of Minnesota
  • Issue
    2
  • fYear
    1987
  • Firstpage
    202
  • Lastpage
    207
  • Abstract
    Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying. A system using such a rule cannot enforce either the military security policy or the Bell and LaPadula rules. The paper shows why this problem arises and provides a taxonomy of capability-based designs. Within the space of design options defined by the taxonomy we identify a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.
  • Keywords
    *; Access control; capabilities; capability-based architectures; security policy; taxonomy; Access control; Computer security; Contracts; Data security; Government; Information management; Information security; Laboratories; Permission; Taxonomy; *; Access control; capabilities; capability-based architectures; security policy; taxonomy;
  • fLanguage
    English
  • Journal_Title
    Software Engineering, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    0098-5589
  • Type

    jour

  • DOI
    10.1109/TSE.1987.232892
  • Filename
    1702200
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=745935