Liang-Jui Shen, Yusong Tan, Pan Dong, Jun Ma, Xiaoling Li
Proceedings of the 4th International Conference on Information Technology and Computer Communications. Published 2022-06-23. DOI: 10.1145/3548636.3548656 (https://doi.org/10.1145/3548636.3548656)
A Simple and Efficient Object-Capability Revocation Method
Revocation is important but difficult in object-capability based systems. As an essential mechanism of capability management, revocation provides the basis for canceling granted access rights and reclaiming shared resources. However, efficient revocation of capabilities is difficult to achieve due to the considerations for selective revocation and safety. In this paper, we propose a simple and efficient object-capability revocation method. We are inspired by the classic garbage collection algorithm, Mark-and-Sweep, and decouple the revocation process into two phases. In the first phase, capabilities are centrally set to be invalid or masked, by updating related fields in capability tap. In the second phase, this method triggers Rust's memory reclaim mechanism to sweep the disabled capabilities safely. Additionally, the sweep process can be done as lazy sweeping to support fast revocation returning. Our revocation method can support selective revocation more efficiently than the existing methods, and the revocation process is concise and safe.
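A sketch of the two-phase idea described in the abstract, as an added Rust example that is not the paper's code. The `CapTable` layout, the parent-link derivation tree and every function name are assumptions made for illustration.

```rust
use std::collections::HashMap;

type CapId = u32;

// One slot of a hypothetical capability table (layout is an assumption).
struct Cap {
    parent: Option<CapId>, // capability this one was derived from
    valid: bool,           // cleared by the mark phase
    resource: Vec<u8>,     // stands in for the shared resource
}

#[derive(Default)]
struct CapTable { slots: HashMap<CapId, Cap>, next: CapId }

impl CapTable {
    fn grant(&mut self, parent: Option<CapId>) -> CapId {
        let id = self.next;
        self.next += 1;
        self.slots.insert(id, Cap { parent, valid: true, resource: vec![0; 16] });
        id
    }
    // Access check: a swept or invalidated capability grants nothing.
    fn check(&self, id: CapId) -> bool {
        self.slots.get(&id).map_or(false, |c| c.valid)
    }
    // Phase 1 (mark): invalidate `root` and everything derived from it.
    // Siblings and ancestors stay usable, which is the selective part.
    fn revoke(&mut self, root: CapId) -> usize {
        let (mut stack, mut marked) = (vec![root], 0);
        while let Some(id) = stack.pop() {
            match self.slots.get_mut(&id) {
                Some(c) if c.valid => c.valid = false,
                _ => continue, // unknown or already revoked
            }
            marked += 1;
            stack.extend(self.slots.iter()
                .filter(|(_, c)| c.parent == Some(id)).map(|(k, _)| *k));
        }
        marked
    }
    // Phase 2 (sweep): removing a slot drops it, so Rust frees `resource`.
    // It can run later (lazily) because `check` already denies access.
    fn sweep(&mut self) -> usize {
        let before = self.slots.len();
        self.slots.retain(|_, c| c.valid);
        before - self.slots.len()
    }
    fn held_bytes(&self) -> usize {
        self.slots.values().map(|c| c.resource.len()).sum()
    }
}
```

Access is denied as soon as `revoke` returns. Memory is reclaimed only when `sweep` runs, so the sweep can be deferred without reopening access.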