CACL: efficient fine-grained protection for objects
OOPSLA '92 conference proceedings on Object-oriented programming systems, languages, and applications
Fine grained object protection in UNIX
ACM SIGOPS Operating Systems Review
Sharing and protection in a single-address-space operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
Protection in Grasshopper: A Persistent Operating System
Proceedings of the Sixth International Workshop on Persistent Object Systems
TRON: process-specific file protection for the UNIX operating system
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
IEEE Transactions on Software Engineering
Hi-index | 0.00 |
The paper describes the design and implementation of a flexible, fine-grained protection mechanism for operating systems based on an object/thread model. The mechanism has the following features: (1) it provides fine-grained protection: each thread has a list of keys (capabilities) and inherits object's keys when it invokes an abject. (2) The mechanism is very flexible: a combination of multiple keys are used to represent various conditions for accessing objects. (3) It allows a group of keys to be defined as key group, which realizes hierarchical, integrated key processing and management. (4) Users can specify an SCL (subject control list), which defines a list of objects that a subject can invoke. This is used to restrict subjects; suspected subjects are only allowed to access the objects specified in the SCL. The proposed mechanism is being implemented in an object-based operating system which the authors are developing. Implementation techniques to improve efficiency are also described.