[cap-talk] Capability computation from ACLs?

Yuvaraj Athur Raghuvir yuvaraj.a.r at gmail.com
Tue Mar 23 13:20:13 PDT 2010


From the common access matrix representation of permission setting, I
understand that capabilities are in a sense _dual_ to the Access Control
List. What this tells me is that given an ACL-based system, and as ACL begets
ACL (as *David Barbour* indicates for the success of ACLs), it is possible
to move from an ACL-based system into a capability-based system.

In particular, given that Java's I/O is insecure, if there is an access
matrix associated with an I/O resource (say file), would it be possible to
construct _always_ a capability I/O resource (say secureFile)?

I think this is interesting because
a) ACL-based systems dominate in current use
b) for distributed secure network interactions, capability-based systems
provide a good alternative.
c) just as insecure platforms can host capability-secured
applications/systems, so too can any current ACL system allow for a
capability-based distributed system if the ACL + Resource can be reversibly and
efficiently transformed to Capability + Resource.

I imagine capability-secured systems that 'hover' above the ACL-secured
systems.

Probably this is a practical approach to enable network applications so
that the disruption to the current installations is minimized. Clearly, the
supporting ACL-secured systems could evolve towards a capability system but
that is not mandated to begin with.

What do you think?

[I am reading the Horton paper and understand that Polaris and Plash do this
in a way. I am yet to understand the advances made in these two apps and
what Horton proposes.]
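
Added example, not part of the original post: a sketch of the "ACL + Resource to Capability + Resource" transformation the message asks about, showing the access-matrix transpose in both directions and a wrapper that consults the ACL once and then hands out an object carrying only the granted rights. All names (`ACLS`, `FileCap`, `mint`, the sample subjects and files) are hypothetical, and the in-memory `store` stands in for a real file system; Python does not enforce encapsulation, so this illustrates the bookkeeping rather than an enforcement boundary.

```python
# Constructed sample ACLs: resource -> {subject: set of rights}
ACLS = {
    "report.txt": {"alice": {"read", "write"}, "bob": {"read"}},
    "audit.log": {"alice": {"read"}},
}

def acl_to_clists(acls):
    """Transpose the access matrix: per-resource columns -> per-subject rows."""
    clists = {}
    for resource, entries in acls.items():
        for subject, rights in entries.items():
            clists.setdefault(subject, {})[resource] = set(rights)
    return clists

def clists_to_acl(clists):
    """Inverse transpose: per-subject rows -> per-resource columns."""
    acls = {}
    for subject, caps in clists.items():
        for resource, rights in caps.items():
            acls.setdefault(resource, {})[subject] = set(rights)
    return acls

class FileCap:
    """A resource plus the rights granted at mint time; holds no subject identity."""
    def __init__(self, store, name, rights):
        self._store, self._name, self._rights = store, name, frozenset(rights)

    def read(self):
        if "read" not in self._rights:
            raise PermissionError("capability carries no read right")
        return self._store[self._name]

    def write(self, data):
        if "write" not in self._rights:
            raise PermissionError("capability carries no write right")
        self._store[self._name] = data

def mint(acls, store, subject, resource):
    """Consult the ACL once, at the boundary, and return a capability object."""
    rights = acls.get(resource, {}).get(subject, set())
    if not rights:
        raise PermissionError(f"{subject} has no ACL entry for {resource}")
    return FileCap(store, resource, rights)
```

In this sketch the rights are snapshotted when `mint` runs, so a capability keeps working after its ACL entry is later removed; the transpose is lossless only for the static matrix.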