Protection Mechanism Based on Multiple Capability Lists
Abstract
To fulfil today's various requirements for information protection, it is necessary to incorporate more than one capability list and to switch between these lists as the occasion demands. Usually, a segment map is used to describe the access capability of a process. The ring protection mechanism is useful for hierarchical relations, although it is necessary to switch segment maps to protect mutually suspicious subsystems. Combining such a mechanism with the ring protection mechanism results in a more powerful protection mechanism. The "owner's" capability should be separated from the "process's" capability. The owner's capability is the capability proper to the owner of the procedure currently being executed by some user's process. The owner's capability might produce information loopholes if it is used incorrectly. The "not owner writable" right is useful for avoiding such misuse of the owner's capability. Further, it is necessary to provide a system facility, the "append through the account channel" right, for the purpose of accounting. An argument capability list is needed upon a procedure call; the called procedure can then refer to the necessary arguments without any excess or deficiency in access capability. By stacking up argument capability lists, the generality of procedure invocation is maintained. The return to the caller's domain is easily accomplished by including the return gate in this stack.
- Paper published by the Information Processing Society of Japan
- 1979-07-30