Naming and Protection in Extendible Operating Systems
MASSACHUSETTS INST OF TECH CAMBRIDGE PROJECT MAC
Pagination or Media Count:
The properties of capability-based extendible operating systems are described, and various aspects of such systems are discussed, with emphasis on the conflict between free distribution of access privileges and later revocation of those privileges. The discussion culminates in a set of goals for a new scheme. A new design is then proposed, which provides both type extension and revocation through the definition of generalized sealing of capabilities. The implementation of this design is discussed in sufficient detail to demonstrate that it would be workable and acceptably economical. The utility of the proposed capability mechanism is demonstrated by describing two facilities implementable in terms of it. These are a revocable parameters for calls between mutually suspicious subsystems, and b directories providing a civilized dedium for the storage and distribution of revocable capabilities.
- Computer Programming and Software
- Computer Hardware
- Computer Systems Management and Standards