Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Access control lists in capability environments
Lopriore L. Technology and Science of Informatics3 (3):163-174,1984.Type:Article
Date Reviewed: Mar 1 1985

To control access to system resources, systems must store information about who is authorized to access what. Basically, there are two ways to store such informatio efficiently. The system can associate with each authorized user a list of what that person may do. Alternatively, the system can associate with with each resource a list of who may have access to it and what they can do with it. Lists of the former type are capability lists and those of the latter type are access control lists. Like Berstis [1] and Karger and Herbert [2], Lopriore has concluded that, even in a machine that provides architectural support for capability lists, each type of list has a role to play in efficient access control.

Lopriore’s paper combines, uncommonly well, scholarly and more pragmatic views of the relevant issues. Its treatment of capabilities’ weaknesses (dangling references, garbage collection, and revocation of privilege) is exemplary; so, too, are its rigor, comprehensibility, and the extent to which it refers earlier work, [1] and [2] excepted.
Reviewer:  S. A. Kurzban Review #: CR108922
1) V. Security and protection of data in the IBM System/38, Third seminar on the DoD computer security intiative, National Bureau of Standards, (Gaithersburg, MD, Nov. 18-20, 1980, pp. F-1-F-8.
2) Karger, P.; and Herbert, A.An augmented capability architecture to support lattice security and traceability of access. Proc. of the 1983 symposium on security and privacy of the IEEE computer society technical committee on security and privacy, New York, 1983, 2-12.
Bookmark and Share
 
Access Controls (D.4.6 ... )
 
 
Access Methods (D.4.3 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Access Controls": Date
Some variants of the take-grant protection model
Biskup J. (ed) Information Processing Letters 19(3): 151-156, 1984. Type: Article		 Jun 1 1985
On access checking in capability-based systems
Kain R., Landwehr C. (ed) IEEE Transactions on Software Engineering SE-13(2): 202-207, 1987. Type: Article		 Dec 1 1987
Controls for interorganization networks
Estrin D. IEEE Transactions on Software Engineering SE-13(2): 249-261, 1987. Type: Article		 Nov 1 1987
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy