D. Hagimont, J. Mossière, X. R. D. Pina, F. Saunier
{"title":"隐藏的软件功能","authors":"D. Hagimont, J. Mossière, X. R. D. Pina, F. Saunier","doi":"10.1109/ICDCS.1996.507926","DOIUrl":null,"url":null,"abstract":"Software capabilities are a very convenient means to protect co-operating applications. They allow access rights to be dynamically exchanged between mutually suspicious interacting applications. However in all the proposed approaches, capabilities are made available at the programming language level, requiring application developers to wire protection definition in the application code, which is detrimental to both flexibility and reusability. We believe instead that capabilities should be hidden from the application programmer allowing protection definition and application code to be clearly separated. In this paper we propose a new protection model based on hidden software capabilities, in which protection definition is completely disjoined from the application code and described in an extended interface definition language (IDL). This allows to specify protection for existing modules and to easily change the protection policy of an application. This protection model can be integrated in a wide range of operating systems. We are currently implementing it in a single address space operating system based on distributed shared memory.","PeriodicalId":159322,"journal":{"name":"Proceedings of 16th International Conference on Distributed Computing Systems","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1996-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":"{\"title\":\"Hidden software capabilities\",\"authors\":\"D. Hagimont, J. Mossière, X. R. D. Pina, F. Saunier\",\"doi\":\"10.1109/ICDCS.1996.507926\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software capabilities are a very convenient means to protect co-operating applications. They allow access rights to be dynamically exchanged between mutually suspicious interacting applications. However in all the proposed approaches, capabilities are made available at the programming language level, requiring application developers to wire protection definition in the application code, which is detrimental to both flexibility and reusability. We believe instead that capabilities should be hidden from the application programmer allowing protection definition and application code to be clearly separated. In this paper we propose a new protection model based on hidden software capabilities, in which protection definition is completely disjoined from the application code and described in an extended interface definition language (IDL). This allows to specify protection for existing modules and to easily change the protection policy of an application. This protection model can be integrated in a wide range of operating systems. We are currently implementing it in a single address space operating system based on distributed shared memory.\",\"PeriodicalId\":159322,\"journal\":{\"name\":\"Proceedings of 16th International Conference on Distributed Computing Systems\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1996-05-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"41\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of 16th International Conference on Distributed Computing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDCS.1996.507926\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of 16th International Conference on Distributed Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS.1996.507926","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Software capabilities are a very convenient means to protect co-operating applications. They allow access rights to be dynamically exchanged between mutually suspicious interacting applications. However in all the proposed approaches, capabilities are made available at the programming language level, requiring application developers to wire protection definition in the application code, which is detrimental to both flexibility and reusability. We believe instead that capabilities should be hidden from the application programmer allowing protection definition and application code to be clearly separated. In this paper we propose a new protection model based on hidden software capabilities, in which protection definition is completely disjoined from the application code and described in an extended interface definition language (IDL). This allows to specify protection for existing modules and to easily change the protection policy of an application. This protection model can be integrated in a wide range of operating systems. We are currently implementing it in a single address space operating system based on distributed shared memory.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
