摘要: Hogan in her recent paper presented the requirements and characteristics of operating systems to realize principle complete mediation She states requires that every access object be checked for authority This implies a secure system must utilize foolproof method identifying source request Wells argues later s discussion does not apply contemporary capability based technology statement is true such used KeyKOS as an example In our opinion argument holds at most one special type which we refer fully armed fact can argue utilization mechanism implicitly embedded throughout design mixed with other issues would naturally more di cult Moreover it hard convinced architecture like suitable support open policy A simple question who will maintain those discernible external communications run across geographical organizational boundaries And do trust them The aim this note supply picture security
core.ac.uk
acm.org
erights.org 参考文章(11)
Paul Ashley Karger, Improving security and performance for capability systems ,(1988)
S.J. Mullender, A.S. Tanenbaum, R. van Renesse, Using Sparse Capabilities in a Distributed Operating System international conference on distributed computing systems. pp. 558- 563 ,(1986)
S.A. Rajunas, N. Hardy, A.C. Bomberger, W.S. Frantz, C.R. Landau, Security In Keykos ieee symposium on security and privacy. pp. 78- 78 ,(1986) , 10.1109/SP.1986.10000
Codie Wells, A Note on "Protection Imperfect" Operating Systems Review. ,vol. 22, pp. 35- ,(1988) , 10.1145/54289.871707
R.Y. Kain, C.E. Landwehr, On Access Checking in Capability-Based Systems IEEE Transactions on Software Engineering. ,vol. 13, pp. 202- 207 ,(1987) , 10.1109/TSE.1987.232892
Paul A. Karger, Andrew J. Herbert, An Augmented Capability Architecture to Support Lattice Security and Traceability of Access ieee symposium on security and privacy. pp. 2- 2 ,(1984) , 10.1109/SP.1984.10001
Carole B. Hogan, Protection imperfect: the security of some computing environments Operating Systems Review. ,vol. 22, pp. 7- 27 ,(1988) , 10.1145/47671.47672
Butler W. Lampson, A note on the confinement problem Communications of the ACM. ,vol. 16, pp. 613- 615 ,(1973) , 10.1145/362375.362389
Snyder, Formal Models of Capability-Based Protection Systems IEEE Transactions on Computers. ,vol. 30, pp. 172- 181 ,(1981) , 10.1109/TC.1981.1675753
Carl E. Landwehr, Formal Models for Computer Security ACM Computing Surveys. ,vol. 13, pp. 247- 278 ,(1981) , 10.1145/356850.356852