[cap-talk] Comprehensive Security Policies on Capability Systems
Jonathan S. Shapiro
shap at eros-os.com
Mon Jan 15 11:03:23 CST 2007
On Mon, 2007-01-15 at 12:23 +0100, Neal H. Walfield wrote:
> What I'm looking for then are not descriptions of the fundamental
> patterns, e.g., care takers and seals, but how to use capabilities and
> these patterns to implement a more comprehensive security policy.
> Could anybody point me to some relevant exposés?
The most comprehensively worked example that I know about (hopefully Jed
will have more) is the KeySafe design:
http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/keysafe/Keysafe.html
If anybody has worked out RBAC, I don't know about it, but the basic
approach would be to start with a KeySafe style reference monitor and a
bunch of object servers that were in on the joke.
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
More information about the cap-talk
mailing list