Some protection mechanisms support the implementation of abstract type objects. The “separation of privilege” and the “least privilege” principles define several requirements that must guide the design of such protection mechanisms. Some of these requirements can be used to eliminate inadequate or unnecessary mechanisms. Type protection mechanisms and some of the requirements of the least privilege principle have either practical or theoretical limitations. To mitigate these limitations, a capability-based architecture must support (1) the migration of abstract type objects outside the control of their type manager, and (2) inexpensive, small segments. To meet the requirements of the “separation of privilege” and “least privilege” principles, a capability-based architecture only needs to support (1) protected procedures and (2) “explicit” mechanisms for separating access privileges to objects and to object representations.