

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
These lecture notes provide an overview of capabilities in computer systems, including the concept of access control, access control matrix, problems with matrix-based systems, and the introduction of capabilities. The document also discusses the importance of ensuring capabilities are unforgeable and the existence of covert channels. Solutions to covert channels and implementing capabilities through cryptography, memory protection, and objects are also covered.
Typology: Study notes
1 / 3
This page cannot be seen from the preview
Don't miss anything!


Papers:
In computer systems, we have subjects and objects.
Access control policies are most generally defined through access control matrix. The rows of access control matrix are objects; the columns are subjects; each cell in the matrix records rights.
Figure 1: Access Control Matrix
Problems with access control matrix
Access control list
Capability
A good capability system has to make sure that capabilities are unforgeable. This includes protection against creating new capabilities and copying existing ones. Copying is a hard issue to deal with because of the possible existence of covert channels.
Covert channel
A covert channel is a channel for conveying information that is not created for that pur- pose. Covert channels are difficult to defend against. One example of covert channels is the existence of specific files names.
How to implement Capabilities