|
|
计算机应用研究 2004
Research and Realization of Extended Capability Access Control
|
Abstract:
Capability is a subject- based access control method,which has the advantages of diverse presentation,high efficiency and easy operation.The concept of capability was proposed very early,and capability has already become one of the basic access control mechanisms in the distributed operating system.By limiting the behavior of the subject,this technique can reach the aim of limiting the subject's action range easily.In addition,by improving the traditional capability technique,we can simultaneously put limitation to the lengths of period or times of any telneter to our server.Through the research of implementing the methods of this technique in the operating system, this article proposes a new model:Extended Capability Access Control(ECAC), and implements it in IRIX's shell.
