this paper we discuss a system, Amoeba, that uses capabilities for naming and protecting objects. In contrast to traditional, centralized operating systems, in which capabilities are managed by the operating system kernel, in Amoeba all the capabilities are managed directly by user code. To prevent tampering, the capabilities are protected cryptographically. The paper describes a variety of the issues involved, and gives four different ways of dealing with the access rights

Mullender, S.J.

Renesse, R. van

Tanenbaum, A.S.

DSpace at VU

Using Sparse Capabilities in a Distributed Operating System

Most distributed operating systems constructed to date have lacked a unifying mechanism for naming and protection. In this paper we discuss a system, Amoeba, that uses capabilities for naming and protecting objects. In contrast to traditional, centralized operating systems, in which capabilities are managed by the operating system kernel, in Amoeba all the capabilities are managed directly by user code. To prevent tampering, the capabilities are protected cryptographically. The paper describes a variety of the issues involved, and gives four different ways of dealing with the access rights

Tanenbaum, Andrew S.

Mullender, Sape J.

van Renesse, Robbert

NARCIS 

A distributed operating system, Amoeba, that includes capabilities for naming and protecting objects is reported. In contrast to traditional centralized operating systems, in which capabilities are managed by the operating system kernel, in Amoeba all the capabilities are managed directly by user code. To prevent tampering, the capabilities are protected cryptographically. A variety of the issues involved is outlined, and four different ways of dealing with access rights are presented

van Renesse, R.

Andrew Tanenbaum

Sape J. Mullender

Robbert Van Renesse

CiteSeerX

VU Research Portal

English

Most distributed operating systems constructed to date have lacked a unifying mechanism for naming and protection. In this paper we discuss a system, Amoeba, that uses capabilities for naming and protecting objects. In contrast to traditional, centralized operating systems, in which capabilities are managed by the operating system kernel, in Amoeba all the capabilities are managed directly by user code. To prevent tampering, the capabilities are protected cryptographically. The paper describes a variety of the issues involved, and gives four different ways of dealing with the access rights. 1. INTRODUCTION  Capabilities [Dennis and Van Horn 1966] have been used as the basis for a variety of uniprocessor operating systems (see [Levy 1984] for numerous examples). They have the attraction of providing a single, uniform mechanism for naming, accessing, and protecting all objects within the system. In all of these systems, the capabilities are managed by (trusted) kernel software, often wit..

Andrew S. Tanenbaum

Most distributed operating systems constructed to date have lacked a unifying mechanism for naming and protection. In this paper we discuss a system, Amoeba, that uses capabilities for naming and protecting objects. In contrast to traditional, centralized operating systems, in which capabilities are managed by the operating system kernel, in Amoeba all the capabili-ties are managed directly by user code. To prevent tampering, the capabilities are protected cryptographically. The paper describes a variety of the issues involved, and gives four dif-ferent ways of dealing with the access rights. 1

Using Sparse Capabilities in a Distributed Operating System

Abstract

Similar works

Full text

Available Versions

DSpace at VU

NARCIS

NARCIS

CiteSeerX

VU Research Portal

CiteSeerX

CiteSeerX