[cap-talk] Capability computation from ACLs?
Yuvaraj Athur Raghuvir
yuvaraj.a.r at gmail.com
Tue Mar 23 13:20:13 PDT 2010
From the common access matrix representation of permission setting, I
understand that the capabilities are in a sense _dual_ to the Access Control
List. What this tells me is that given an ACL based system, and as ACL begets
ACL (as *David Barbour* indicates for the success of ACLs), it is possible
to move from an ACL based system into a capability based system.
In particular, given that Java's i/o is insecure, if there is an access
matrix associated with an i/o resource (say file), would it be possible to
construct _always_ a capability i/o resource (say secureFile)?
I think this is interesting because
a) ACL based systems dominate in current use
b) for distributed secure network interactions, capability based systems
provide a good alternative.
c) just as insecure platforms can host capability secured
applications/systems, so too can any current ACL system allow for capability
based distributed system if the ACL + Resource can be reversibly and
efficiently transformed to Capability + Resource.
I imagine capability-secured systems that 'hover' above the ACL-secured
Probably this is a practical approach to enable network applications so
that the disruption to the current installations is minimized. Clearly, the
supporting ACL secured systems could evolve towards a capability system but
that is not mandated to begin with.
What do you think?
[I am reading the Horton paper and understand that Polaris and Plash do this
in a way. I am yet to understand the advances made in these two apps and
what Horton proposes.]
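
The access-matrix duality the message asks about, as an added example that is not part of the original post: a Python sketch that transposes per-resource ACLs into per-subject capability lists and back, and wraps a resource in a hypothetical `SecureFile` object exposing only the rights of one matrix cell. The sample ACL, the subject names and the helpers `acl_to_clists`, `clists_to_acl`, `SecureFile` and `mint` are assumptions constructed for illustration, and the sketch covers only a static snapshot of the matrix.

```python
import io

# Constructed sample ACL: resource -> {subject: rights} (columns of the access matrix).
ACL = {
    "report.txt": {"alice": {"read", "write"}, "bob": {"read"}},
    "audit.log": {"alice": {"read"}},
}

def acl_to_clists(acl):
    """Transpose per-resource ACLs into per-subject capability lists (matrix rows)."""
    clists = {}
    for resource, entries in acl.items():
        for subject, rights in entries.items():
            clists.setdefault(subject, {})[resource] = frozenset(rights)
    return clists

def clists_to_acl(clists):
    """Inverse transposition: rebuild the ACLs from the capability lists."""
    acl = {}
    for subject, caps in clists.items():
        for resource, rights in caps.items():
            acl.setdefault(resource, {})[subject] = set(rights)
    return acl

class SecureFile:
    """Hypothetical capability wrapper: holding the object is the authority."""
    def __init__(self, stream, rights):
        self._stream = stream
        self._rights = frozenset(rights)

    def read(self):
        if "read" not in self._rights:
            raise PermissionError("capability does not carry 'read'")
        self._stream.seek(0)
        return self._stream.read()

    def write(self, text):
        if "write" not in self._rights:
            raise PermissionError("capability does not carry 'write'")
        self._stream.seek(0, io.SEEK_END)  # append after existing content
        return self._stream.write(text)

def mint(clists, subject, resource, store):
    """Turn one matrix cell into a SecureFile; an empty cell yields no object at all."""
    rights = clists.get(subject, {}).get(resource)
    if not rights:
        raise PermissionError(f"{subject} has no entry for {resource}")
    return SecureFile(store[resource], rights)
```

The subject name is consulted only once, in `mint`; after that, `SecureFile` checks the rights it carries and never asks who is calling, which is the point at which the ACL view ends and the capability view begins.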