On Access Checking in Capability-Based Systems

  • Authors: Richard Y. Kain; Carl E. Landwehr
  • Affiliations: Univ. of Minnesota, Minneapolis; Naval Research Laboratory, Washington, DC
  • Venue: IEEE Transactions on Software Engineering - Special issue on computer security and privacy
  • Year: 1987

Abstract

Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying. A system using such a rule cannot enforce either the military security policy or the Bell and LaPadula rules. The paper shows why this problem arises and provides a taxonomy of capability-based designs. Within the space of design options defined by the taxonomy we identify a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.