Hierarchical password capabilities

Lanfranco Lopriore
2024-01-01

Abstract

We present a paradigm for access control to typed objects logically connected to form a hierarchy, whereby each object has a single parent, and may have children. Protection domains are divided into three classes. A vertical domain includes authorizations for the objects in a subhierarchy. A horizontal domain includes authorizations for the children of a given object. A simple domain includes an authorization for a single object. We introduce the hierarchical capability concept as a generalization of the classical password capability concept. A hierarchical capability references an entire domain instead of a single object.
Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1271188