article

Discretionary capability confinement

Author:

Philip W. L. FongAuthors Info & Claims

International Journal of Information Security, Volume 7, Issue 2

Pages 137 - 154

https://doi.org/10.1007/s10207-007-0047-5

Published: 28 March 2008 Publication History

Abstract

Motivated by the need of application-level access control in dynamically extensible systems, this work proposes a static annotation system for modeling capabilities in a Java-like programming language. Addressing a common critique of capability systems, the proposed annotation system can provably enforce capability confinement. This confinement guarantee is leveraged to model a strong form of separation of duty known as hereditary mutual suspicion. The annotation system has been fully implemented in a standard Java Virtual Machine.

Cited By

View all

Fong POrr S(2010)Isolating untrusted software extensions by custom scoping rulesComputer Languages, Systems and Structures10.1016/j.cl.2009.12.00236:3(268-287)Online publication date: 1-Oct-2010
https://dl.acm.org/doi/10.1016/j.cl.2009.12.002

Index Terms

Discretionary capability confinement

Recommendations

Discretionary capability confinement
ESORICS'06: Proceedings of the 11th European conference on Research in Computer Security

Motivated by the need of application-level access control in dynamically extensible systems, this work proposes a static annotation system for modeling capabilities in a Java-like programming language. Unlike previous language-based capability systems, ...
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Capability Managers

The use of capabilities to control the access of component programs to resources in an operating system is an attractive means by which to provide a uniform protection mechanism. In this paper, a capability is defined as an abstract encapsulation of the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

International Journal of Information Security Volume 7, Issue 2

March 2008

68 pages

ISSN:1615-5262

EISSN:1615-5270

Issue’s Table of Contents

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 28 March 2008

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Fong POrr S(2010)Isolating untrusted software extensions by custom scoping rulesComputer Languages, Systems and Structures10.1016/j.cl.2009.12.00236:3(268-287)Online publication date: 1-Oct-2010
https://dl.acm.org/doi/10.1016/j.cl.2009.12.002

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Index Terms

Recommendations