{"title":"New methods for immediate revocation","authors":"Paul A. Karger","doi":"10.1109/SECPRI.1989.36276","DOIUrl":null,"url":null,"abstract":"The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. The proposed techniques are much simpler to implement and more efficient in operation than previous revocation techniques and are therefore more appropriate for implementation in a security kernel, where simplicity of design is crucial. Furthermore, both techniques are particularly appropriate for RISC (reduced-instruction-set computer) implementations where translation buffer misses are handled in software. However, the techniques are very dependent on the particular style of memory management available on the underlying hardware. It is concluded that, with these techniques, user requirements for immediate revocation can be easily met in any operating system or security kernel design.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"New methods for immediate revocation\",\"authors\":\"Paul A. Karger\",\"doi\":\"10.1109/SECPRI.1989.36276\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. 
The proposed techniques are much simpler to implement and more efficient in operation than previous revocation techniques and are therefore more appropriate for implementation in a security kernel, where simplicity of design is crucial. Furthermore, both techniques are particularly appropriate for RISC (reduced-instruction-set computer) implementations where translation buffer misses are handled in software. However, the techniques are very dependent on the particular style of memory management available on the underlying hardware. It is concluded that, with these techniques, user requirements for immediate revocation can be easily met in any operating system or security kernel design.\",\"PeriodicalId\":126792,\"journal\":{\"name\":\"Proceedings. 1989 IEEE Symposium on Security and Privacy\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1989-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 1989 IEEE Symposium on Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.1989.36276\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 1989 IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1989.36276","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. The proposed techniques are much simpler to implement and more efficient in operation than previous revocation techniques and are therefore more appropriate for implementation in a security kernel, where simplicity of design is crucial. Furthermore, both techniques are particularly appropriate for RISC (reduced-instruction-set computer) implementations where translation buffer misses are handled in software. However, the techniques are very dependent on the particular style of memory management available on the underlying hardware. It is concluded that, with these techniques, user requirements for immediate revocation can be easily met in any operating system or security kernel design.