Lecture Notes on Capabilities in Computer Systems - Prof. Hao Chen, Study notes of Computer Science

These lecture notes provide an overview of capabilities in computer systems, including the concept of access control, access control matrix, problems with matrix-based systems, and the introduction of capabilities. The document also discusses the importance of ensuring capabilities are unforgeable and the existence of covert channels. Solutions to covert channels and implementing capabilities through cryptography, memory protection, and objects are also covered.

Typology: Study notes

Uploaded on 07/31/2009


Lecture Notes for Capabilities

ECS 235A Fall 2008

Transcribed by Fangqi Sun

Nov 4, 2008

Papers:

  • The Confused Deputy, Hardy.
  • Access Control, Laurie.

Access control matrix

In computer systems, we have subjects and objects.

  • Subjects are typically users or their representative processes.
  • Objects are resources such as files and devices.
  • Access control is to determine what subjects can access what objects.

Access control policies are most generally defined through an access control matrix. The rows of the access control matrix are objects; the columns are subjects; each cell in the matrix records the rights that the subject (column) holds over the object (row).

Figure 1: Access Control Matrix

Problems with access control matrix

  • Not easily extendable
  • Matrix might be sparse and space may be wasted

Access control list

  • A row in access control matrix
  • Stored with objects

Capability

  • A column in the access control matrix
  • Stored with subjects

A good capability system has to make sure that capabilities are unforgeable. This includes protection against creating new capabilities and copying existing ones. Copying is a hard issue to deal with because of the possible existence of covert channels.

Covert channel

A covert channel is a channel for conveying information that was not created for that purpose. Covert channels are difficult to defend against. One example of a covert channel is the existence (or absence) of files with specific names.

Possible solutions to covert channel

  • SSH pad package
  • Random timing

How to implement Capabilities

  • Cryptography
  • Memory protection (e.g. file descriptor)
  • Objects (view each object as a capability)
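An added example, not from these notes or from the ECS 235A course, that ties the three sections together: it builds a constructed access control matrix in the notes' layout (rows are objects, columns are subjects), derives an ACL as one row and a capability list as one column, and then shows one way the "cryptography" bullet can be realised, with a hypothetical HMAC-tagged capability token that the reference monitor can verify and that a subject without the key cannot mint or edit. The subject and object names, the key, and the token format are all assumptions made for the demonstration.

```python
import hmac
import hashlib
from typing import Dict, Set

# Constructed sample access control matrix, following the notes' layout:
# rows are objects, columns are subjects, each cell is a set of rights.
MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "/etc/passwd": {"alice": {"r"},      "bob": {"r"},  "root": {"r", "w"}},
    "/home/alice": {"alice": {"r", "w"}, "bob": set(), "root": {"r", "w"}},
    "/dev/tty1":   {"alice": set(),      "bob": {"w"},  "root": {"r", "w"}},
}

def acl(obj: str) -> Dict[str, Set[str]]:
    """Access control list: one row of the matrix, stored with the object."""
    return {s: set(r) for s, r in MATRIX[obj].items() if r}

def capability_list(subject: str) -> Dict[str, Set[str]]:
    """Capability list: one column of the matrix, stored with the subject."""
    return {o: set(row[subject]) for o, row in MATRIX.items() if row[subject]}

# Hypothetical cryptographic capability: a token the subject holds, made
# unforgeable by an HMAC under a key known only to the reference monitor.
# (Constructed demo key; a real monitor would generate and protect its own.)
SECRET_KEY = b"constructed-demo-key-do-not-reuse"

def mint_capability(subject: str, obj: str, rights: Set[str]) -> str:
    """Only the key holder (the monitor) can produce a valid tag."""
    body = f"{subject}|{obj}|{''.join(sorted(rights))}"  # names must not contain '|'
    tag = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

def check_capability(token: str, obj: str, right: str) -> bool:
    """Accept only if the tag is genuine and the token grants `right` on `obj`."""
    try:
        subject, tok_obj, rights, tag = token.split("|")
    except ValueError:          # malformed token
        return False
    body = f"{subject}|{tok_obj}|{rights}"
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):   # minted without the key, or edited
        return False
    return tok_obj == obj and right in rights

def tamper_rights(token: str, new_rights: str) -> str:
    """Edits the rights field without the key; check_capability must reject it."""
    subject, obj, _rights, tag = token.split("|")
    return f"{subject}|{obj}|{new_rights}|{tag}"
```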