A secure identity-based capability system

Author: L. Gong

DOI: 10.1109/SECPRI.1989.36277

Abstract: The author presents the design of an identity-based capability protection system called ICAP, which is aimed at a distributed system in a network environment. The semantics of traditional capabilities are modified to incorporate subject identities. This enables the monitoring, mediating, and recording of capability propagations to enforce security policies. It also supports administrative activities such as traceability. The author has developed an exception-list approach to achieve rapid revocation and the idea of capability propagation trees for complete revocation. Compared with existing designs, ICAP requires much less storage and has the potential of lower cost and better real-time performance. The author proposes to expand R.Y. Kain and C.E. Landwehr's (1987) taxonomy of capability-based systems to cover a wider range of designs.

References (8)
R.Y. Kain, C.E. Landwehr, On Access Checking in Capability-Based Systems. IEEE Transactions on Software Engineering, vol. 13, pp. 202-207 (1987), 10.1109/TSE.1987.232892
Paul A. Karger, Andrew J. Herbert, An Augmented Capability Architecture to Support Lattice Security and Traceability of Access. IEEE Symposium on Security and Privacy, pp. 2-2 (1984), 10.1109/SP.1984.10001
Butler W. Lampson, A Note on the Confinement Problem. Communications of the ACM, vol. 16, pp. 613-615 (1973), 10.1145/362375.362389
Snyder, Formal Models of Capability-Based Protection Systems. IEEE Transactions on Computers, vol. 30, pp. 172-181 (1981), 10.1109/TC.1981.1675753
Carl E. Landwehr, Formal Models for Computer Security. ACM Computing Surveys, vol. 13, pp. 247-278 (1981), 10.1145/356850.356852
David D. Clark, David R. Wilson, A Comparison of Commercial and Military Computer Security Policies. IEEE Symposium on Security and Privacy, pp. 184-184 (1987), 10.1109/SP.1987.10001
K.R. Sollins, Cascaded Authentication. IEEE Symposium on Security and Privacy, pp. 156-163 (1988)