The properties of capability-based extendable operating systems are described, and various aspects of such systems are discussed, with emphasis on the conflict between free distribution of access privileges and the later revocation of those privileges. The discussion culminates in a set of goals for a new capability scheme. A new design is then proposed, which provides both type extension and revocation through the definition of generalized sealing of capabilities. The implementation of this design is discussed in sufficient detail to demonstrate that it would be workable and economically acceptable. The utility of the proposed capability mechanism is demonstrated by describing two facilities that can be implemented in terms of it: (a) revocable parameters for calls between mutually suspicious subsystems, and (b) directories providing a civilized medium for the storage and distribution of revocable capabilities.