A salient aspect of protection system design is the set of the mechanisms for the representation, distribution, verification and revocation of access privileges. With reference to a segmented virtual memory space, we present an approach that is based on the use of symmetric-key cryptography to represent segment pointers, including access right specifications. Our design effort has been guided by three main objectives: (i) to maintain the simplicity of access privilege representation that characterizes classical capability and password-capability systems; (ii) to keep the memory requirements low even in the case of complex access privileges expressed in terms of several access rights; and (iii) to allow an easy implementation of effective techniques for access privilege review and revocation.
Encrypted pointers in protection system design
LOPRIORE, LANFRANCO
2012-01-01
Abstract
A salient aspect of protection system design is the set of the mechanisms for the representation, distribution, verification and revocation of access privileges. With reference to a segmented virtual memory space, we present an approach that is based on the use of symmetric-key cryptography to represent segment pointers, including access right specifications. Our design effort has been guided by three main objectives: (i) to maintain the simplicity of access privilege representation that characterizes classical capability and password-capability systems; (ii) to keep the memory requirements low even in the case of complex access privileges expressed in terms of several access rights; and (iii) to allow an easy implementation of effective techniques for access privilege review and revocation.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.