{"title":"Extended discretionary access controls","authors":"S. Vinter","doi":"10.1109/SECPRI.1988.8096","DOIUrl":null,"url":null,"abstract":"A discretionary access control mechanism proposed for a secure distributed operating system (DOS) being designed at BBN Laboratories is presented. The DOS is an object-oriented system that uses access control lists to authorize access to objects. Discretionary controls are implemented in a type-specific manner inside the managers of objects. Several extensions to conventional access control lists are proposed, including a limited form of privilege transfer, module interconnection control, support for direct operations roles, and restricted roles. A technique for automatically generating access control implementations is presented that is based on nonprocedural specifications, and an implementation approach is proposed that allows the generated code to be embedded with high assurance in untrusted object managers using hardware protection rings. The concepts and mechanisms are illustrated with a simple banking example.","PeriodicalId":131674,"journal":{"name":"Proceedings. 1988 IEEE Symposium on Security and Privacy","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1988-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":"{\"title\":\"Extended discretionary access controls\",\"authors\":\"S. Vinter\",\"doi\":\"10.1109/SECPRI.1988.8096\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A discretionary access control mechanism proposed for a secure distributed operating system (DOS) being designed at BBN Laboratories is presented. The DOS is an object-oriented system that uses access control lists to authorize access to objects. Discretionary controls are implemented in a type-specific manner inside the managers of objects. 
Several extensions to conventional access control lists are proposed, including a limited form of privilege transfer, module interconnection control, support for direct operations roles, and restricted roles. A technique for automatically generating access control implementations is presented that is based on nonprocedural specifications, and an implementation approach is proposed that allows the generated code to be embedded with high assurance in untrusted object managers using hardware protection rings. The concepts and mechanisms are illustrated with a simple banking example.\",\"PeriodicalId\":131674,\"journal\":{\"name\":\"Proceedings. 1988 IEEE Symposium on Security and Privacy\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1988-04-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"30\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 1988 IEEE Symposium on Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.1988.8096\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 1988 IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1988.8096","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A discretionary access control mechanism proposed for a secure distributed operating system (DOS) being designed at BBN Laboratories is presented. The DOS is an object-oriented system that uses access control lists to authorize access to objects. Discretionary controls are implemented in a type-specific manner inside the managers of objects. Several extensions to conventional access control lists are proposed, including a limited form of privilege transfer, module interconnection control, support for direct operations roles, and restricted roles. A technique for automatically generating access control implementations is presented that is based on nonprocedural specifications, and an implementation approach is proposed that allows the generated code to be embedded with high assurance in untrusted object managers using hardware protection rings. The concepts and mechanisms are illustrated with a simple banking example.