By Topic

Privilege transfer and revocation in a port-based system

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Krithivasan Ramamritham ; Department of Computer and Information Science, University of Massachusetts, Amherst, MA 01003 ; David Stemple ; David A. Briggs ; Stephen Vinter

Gutenberg is a port-based operating system being designed to study protection issues in distributed systems. All shared resources are viewed as protected objects and hence can be assessed only via specific operations defined on them. Processes communicate and access objects through the use of ports. Each port is associated with an abstract data type operation and can be created by a process only if the process has the capability to execute the operation on the type. Thus, a port represents the privilege of the port's client process to request a service. Capabilities to create ports for requesting operations are contained in a capability directory, which is navigated by processes to gain these capabilities. Privilege transfer is a means of providing servers access to the resources they need to perform their services. In Gutenberg, privilege transfer is accomplished by allowing access to subdirectories of the capability directory and by passing capabilities, including port access capabilities, to processes via ports. It should be possible to revoke transferred privileges when breaches of trust are detected or suspected, when a period of time has passed beyond which the distributor of a privilege does not want the privilege shared, or when an error has been detected.

Published in:

IEEE Transactions on Software Engineering  (Volume:SE-12 ,  Issue: 5 )