A. S. Tanenbaum, S. J. Mullender, and R. van Renesse, "Using sparse capabilities in a distributed operating system, " in Proceedings of the 6th International Conference on Distributed Computing Systems, 1986, pp. 558--563.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....one hand, disk space is usually managed with a quota system which limits the amount of space a user can occupy. Alternatively, economic models can be used, which associate a price with a resource, and users buy or rent space, involving some form of payment [Anderson et al. 1986, Mullender and Tanenbaum, 1986, Drexler and Miller, 1988, Heiser et al. 1998b] On the other hand, processor time is allocated according to some priority scheme. Priorities can be hard, meaning that a process will only execute if no higher priority process is runnable, or soft, meaning that a process priority in uences the ....

.... Management Mungi has a secondary storage management model designed to control the proliferation of objects in the system [Heiser et al. 1998b] This model is based on the rent scheme in the Monash Password Capability System [Anderson et al. 1986] and bank accounts from Amoeba [Mullender and Tanenbaum, 1986]. Its main objective is to ensure users do not starve or exploit others through excessive use. 2.2.1 Bank Accounts Secondary storage is managed by charging rent for backing store usage through special objects called bank accounts. Accounts with money available for rent charging have a nancial ....

[Article contains additional citation context not shown here]

Tanenbaum, A. S., Mullender, S. J., and van Renesse, R. (1986). Using sparse capabilities in a distributed operating system. In Proceedings of the 6th IEEE International Conference on Distributed Computing Systems (ICDCS), pages 558-563. IEEE.

....from theft and disclosure, e.g. by encrypting part of the capability. 2.2 Amoeba File Server Amoeba is a distributed object oriented operating system designed for a network of closely connected machines. Amoeba uses sparse capabilities to protect all objects in the system including files [38]. Capabilities are stored in data structures in a process address space and can be exchanged freely among processes. The Amoeba file service consists of two distinct servers: the directory server and the Bullet file server [32] The directory server maps human chosen ASCII names to capabilities ....

A. S. Tanenbaum, S. J. Mullender, and R. van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference in Computing Systems, pages 558--563, June 1986.

....by encryption. In these systems, the standard addressing mechanism of the underlying hardware (i.e. virtual addresses) is used for addressing objects, and capabilities are only used for object protection and access control. Examples of software capability based systems are the Amoeba system [11] based on the client server paradigm and the Opal single address space system [2] However, in these systems, capabilities are made available at the programming language level through capability variables that are used explicitly for accessing objects and exchanging access rights. In this paper, ....

A. Tanenbaum, S. Mullender, R. Van Renesse, Using Sparse Capabilities in a Distributed Operating System, 6th International Conference on Distributed Computing Systems, 1986.

....VatA VatC VatB b1 VatID SwissNumber Joe Fig. 5. Pluribus in operation. The description so far applies equally well to many distributed object systems, such as CORBA and RMI, that have no ambitions to capability security. What more do we need to make this into a secure protocol (See also [4, 9, 10, 32, 40]) 4.2 Cryptographic Capabilities On creation, each vat generates a public private key pair. The fingerprint of the vat s public key is its vat Identity, or VatID. What does the VatID identify The VatID can only be said to designate any vat which knows and uses the corresponding private key ....

Andrew S. Tanenbaum, Sape J. Mullender, Robbert van Renesse, "Using Sparse Capabilities in a Distributed Operating System" (1986) Proc. Sixth Int'l Conf. On Distributed Computing Systems, IEEE, pp. 558-563. http://www.scs.carleton.ca/~csgs/resources/amoeba/5.ps.gz

....to other data objects. While these projects make important contributions, none offers the flexibility and ease of use available with data units and data unit links. 30 7. 3 Security and Resource Identification A fairly common resource identification and protection mechanism is a capability [Ta86]. Mach, Amoeba, Chorus and Concert all support capabilities which contain encoded access rights to a resource. Capabilities are not sensitive context, a thread which possesses one has the access rights, regardless of how it was obtained. They can be passed by one thread to another, allowing ....

Tanenbaum, A., et. al., Using Sparse Capabilities in a Distributed Operating System, Proc. of the 6th Int. Conf. on Distributed Operating Systems, IEEE, 1986, pp. 558-563.

....This simplifies the expression of an access control policy, keeps application code simple and enforces modularity. The JCCap capability based model is presented in the next section. 2. 3 Rationale Capability based protection mechanisms have been defined and implemented in a variety of systems [Levy84, Tanenbaum86, Richardson92] including the Java environment [Goldstein97] However, in all the proposed approaches, capabilities are made available at the programming language level through capability variables that are used explicitly for accessing objects, changing protection domains and transferring access rights between ....

A. S. Tanenbaum, S. J. Mullender, and R. V. Renesse, "Using sparse capabilities in a distributed operating system", Proc. og the Sixth IEEE International Conference on Distributed Computing Systems, pp. 558-563 , 1986.

....a particular operation (either accessing one method of one object or executing a high level operation involving several objects) it must be given at least one capability. The capability creation rules specify how to build such capabilities. These capabilities are similar to those defined in [Tanenbaum et al. 1986, Gong 1989] A capability on an object holds, as a minimum, a reference and a list of rights for that object. We also have to ensure that a capability cannot be forged, cannot be replayed and can only be used by the object for which the capability is created. We assume in the rest of this report ....

A. S. Tanenbaum, S. J. Mullender and R. v. Renesse, "Using Sparse Capabilities in a Distributed Operating System", in 6th International Conference on Distributed Computing Systems, (Cambridge, MA, USA), pp.558-63, 1986.

....privileges from relatively innocuous operations [4] creating and managing a user s access matrix can be somewhat burdensome. The Java object signing model is based on the notion of capabilities [3] which has existed in the security component of many novel systems such as Taos [7] and Amoeba [5] for quite some time. A capability is a pointer to a controlled system resource that cannot be duplicated, thus protecting the resource from misuse. A program that wishes to use a controlled resource must do so through a capability, but the ability to use a capability needs to be explicitly ....

A.S Tanenbaum, S.J Mullender, and R. Van Renesse. Using sparse capabilities in a distributed operating system. 6th International Conference on Distributed Computing Systems, pages 558--563, 1986.

....CWI Amsterdam, Netherlands or Andy Tanenbaum, Dept. of Mathematics and Computer Science, Vrije Universiteit, Postbus 7161, 1007 MC Amsterdam, Netherlands. References: 10] 11] 12] 13] 14] 15] 16] 17] 18] 19] 20] 21] 22] 23] 24] 25] 26] 27] 28] 29] 30] [31], 32] 2.4 Andrew Main Goal Andrew is a distributed computing environment being developed at the Carnegie Mellon University, Pittsburg in a workstation server principle. The goals of the Andrew file system are to support growth up to at least 7000 workstations in a campus wide connected ....

A.S. Tanenbaum, S.J. Mullender, and R. van Renesse, "Using Sparse Capabilities in a Distributed Operating Systems", In Proc. 6th Int. Conf. on Distributed Computing Systems, pages 558--563, May 1986.

....In order to protect internal objects, the environment uses a capability scheme. A capability is comprised of four elements: the object class identification, the object identification inside its class, the object permissions and a random number. This capability concept was first proposed by AMOEBA [11], and is adequate to the proposed environment. Each internal object has an associated capability, determined at creation time. Whenever a new object is created, its capability is stored inside the environment and a copy is given to the creator thread. In order to gain access to an object, a ....

TANENBAUM, A., Using Sparse Capabilities in a Distributed Operating System, Amsterdam: Vrije Universiteit, 1992 (Relatrio Tcnico).

....may involve capability transfers between protection domains. The main idea of Hidden Software Capabilities is to hide capabilities from the programmer when they are used for access rights control, protection domain crossing and access rights transfer. Indeed, in all the proposed approaches (e.g. Tanenbaum 86, Chase 94] capabilities are made available at the 5 programming language level through capability variables that are used explicitly for protection management. With Hidden Software Capabilities, the application code is independent from protection. Capabilities checks are performed ....

A. S. Tanenbaum, S. J. Mullender, R. Van Renesse. Using Sparse Capabilities in a Distributed Operating System, Proc. of the Sixth IEEE International Conference on Distributed Computing Systems, pp. 558-563, 1986.

No context found.

Tanenbaum, A.S., Mullender, S.J., and van Renesse, R.: "Using Sparse Capabilities in a Distributed Operating System" Proc. Sixth International Conf. on Distr. Computer Systems , IEEE, 1986.

No context found.

Tanenbaum, A.S., Mullender, S.J., and van Renesse, R.: "Using Sparse Capabilities in a Distributed Operating System" Proc. Sixth International Conf. on Distr. Computer Systems , IEEE, pp. 558-663, 1986. -

No context found.

A. S. Tanenbaum, S. J. Mullender, and R. van Renesse, "Using sparse capabilities in a distributed operating system, " in Proceedings of the 6th International Conference on Distributed Computing Systems, 1986, pp. 558--563.

No context found.

A. S. Tanenbaum, S. J. Mullender, and R. van Renesse, "Using sparse capabilities in a distributed operating system, " in Proceedings of the 6th International Conference on Distributed Computing Systems, 1986, pp. 558--563.

No context found.

Andrew Tanenbaum, Sape Mullender, and Robert van Renesse. Using Sparse Capabilities in a Distributed Operating System. In Proceedings of the 6th International Conference on Distributed Computing Systems (ICDCS), May 1986.

No context found.

A. S. Tanenbaum, S. J. Mullender, and R. van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference on Distributed Computing Systems, pages 558--563, 1986.

No context found.

Andrew S. Tanenbaum, Sape J. Mullender, and Robbert van Renesse. Using sparse capabilities in a distributed operating system. In 6th International Conference on Distributed Computing Systems, pages 558-- 563, Cambridge, Massachusetts, May 1986.

No context found.

A. S. Tanenbaum, S. J. Mullender, R. van Renesse. "Using Sparse Capabilities in a Distributed Operating System" Proceedings of 6th International Conference on Distributed Computing Systems, 1986, p. 558--563.

No context found.

A. S. Tanenbaum, S. J. Mullender, and R. van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference in Computing Systems, pages 558--563, June 1986.

No context found.

A. S. Tanenbaum, S. J. Mullender, R. van Renesse. Using Sparse Capabilities in a Distributed Operating System. International Conference on Distributed Computing Systems, 1986, p. 558--563. Online at: ftp://ftp.cs.vu.nl/pub/papers/amoeba/dcs86.ps.Z

No context found.

A. Tanenbaum, S. Mullender, and R. van Renesse. Using Sparse Capabilities in a Distributed Operating System. In The 6th International Conference on Distributed Computing Systems, May 1986.

No context found.

Andrew Tanenbaum, Sape Mullender, and Robert van Renesse. Using Sparse Capabilities in a Distributed Operating System. In Proceedings of the 6th International Conference on Distributed Computing Systems (ICDCS), May 1986.

No context found.

Andrew Tanenbaum, Sape Mullender, and Robert van Renesse. Using Sparse Capabilities in a Distributed Operating System. In Proceedings of the 6th International Conference on Distributed Computing Systems (ICDCS), May 1986.

No context found.

Tanenbaum, Andrew S., and van Renesse, Robbert, "Using Sparse Capabilities in a Distributed Operating System", Proceedings of the 6th International Conference on Distributed Computing Systems, May 1986, pp. 558-563.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC