On Access Checking in Capability-Based Systems

Abstract

Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying. A system using such a rule cannot enforce either the military security policy or the Bell and LaPadula rules. The paper shows why this problem arises and provides a taxonomy of capability-based designs. Within the space of design options defined by the taxonomy we identify a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 1987
Accession Number: ADA462757

Entities

People

  • Carl E. Landwehr
  • Richard Y. Kain

Organizations

  • University of Minnesota

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Computer Access Control
  • Computing-Related Activities
  • Engineering
  • Information Operations
  • Information Security
  • Military Research
  • Security
  • Sequences
  • Software Development
  • Systems Engineering
  • Taxonomy

Readers

  • Cybersecurity
  • Mathematical Modeling and Probability Theory
  • Systems Analysis and Design

Technology Areas

  • Space