lecture_3_part_2

File x read capabilities for c user c write cs 236

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ty Provided! File X Read Capabilities for C User C write CS 236 Online ie d den rite w Capability Checking File X Check validity of capability Lecture 3 Page 5 How Will This Work in a How can we Network? Capabilities tell if it’s a good capability? for A Subject A File X Read, Write Capabilities for B File X Subject Subject B File X Read Read File X Read, Write Capabilities for C Subject C Subject C CS 236 Online Capability Checking Lecture 3 Page 6 Revoking Capabilities Fred Nancy CS 236 Online Accounts receivable How do we take away Fred’s capability? Without taking away Nancy’s? Lecture 3 Page 7 Revocation By Destroying the Capability How can you be Fred Accounts receivable sure you’ve destroyed all copies everywhere? Nancy CS 236 Online Lecture 3 Page 8 Revocation By Invalidation on Use Read Accounts Receivable Fred Accounts receivable Ted Anne Fred Nancy CS 236 Online Accounts receivable capability revocation list Costs time to check revocation list Especially if list gets long Lecture 3 Page 9 Revocation By Generation Numbers 3 4 Fred Nancy CS 236 Online 3 Accounts receivable 3 If generation numbers match, the capability is still valid To invalidate capability, increase generation number Can replace generation Requires some number with control of capabilities some other Selective revocation software token Lecture 3 is hard Page 10 Pros and Cons of Capabilities + Easy to determine what a subject can access + Potentially faster than ACLs (in some circumstances)...
View Full Document

This document was uploaded on 11/01/2013.

Ask a homework question - tutors are online