Capabilities vs. ACLs

Within computer systems, there are two fundamental means of enforcing privilege separation:

  • ACLs, or access control lists. The semantics of ACLs have been proven to be insecure in many situations. It has also been shown that the ACL's promise of giving access to an object to only one person can never be guaranteed in practice. This does not mean that practical flaws exist in all ACL-based systems, only that the designers of certain utilities must take responsibility for ensuring that they do not introduce flaws.
  • Capabilities. The problems of ACLs are resolved by capabilities. Unfortunately, for various historical reasons, capabilities have been mostly restricted to research operating systems, and commercial OSes still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in this area is the E language [3].
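
The contrast between the two models can be shown at the language level. The following is an added example, not code from the E project or from this page: it illustrates the "only one person" point with a program that relays its listed user's access, then shows the same delegation done with object references that are attenuated and revocable. All names (`makeAclStore`, `makeFile`, `readOnly`, `makeRevocable`, the `payroll.txt` data) are hypothetical and constructed for illustration.

```javascript
// ACL model: the store checks the caller's claimed identity against a list.
function makeAclStore(acl, files) {
  return Object.freeze({
    read(who, name) {
      if (!(acl[name] || []).includes(who)) throw new Error(`${who} denied`);
      return files[name];
    },
  });
}

// Capability model: holding the object reference is the authority.
function makeFile(initial) {
  let contents = initial;
  return Object.freeze({
    read: () => contents,
    write: (value) => { contents = value; },
  });
}

// Attenuation: derive a weaker capability that exposes only read.
const readOnly = (file) => Object.freeze({ read: () => file.read() });

// Revocable forwarder (caretaker pattern): delegate now, withdraw later.
function makeRevocable(target) {
  let live = target;
  const cap = Object.freeze({
    read() { if (!live) throw new Error('revoked'); return live.read(); },
  });
  return { cap, revoke: () => { live = null; } };
}

// Constructed scenario: only "alice" is listed, yet code running as alice can
// relay the data to bob; the list cannot express or limit that delegation.
function aclDemo() {
  const store = makeAclStore({ 'payroll.txt': ['alice'] }, { 'payroll.txt': 'secret' });
  let bobDirect = 'allowed';
  try { store.read('bob', 'payroll.txt'); } catch (e) { bobDirect = 'denied'; }
  return { bobDirect, bobViaAlice: store.read('alice', 'payroll.txt') };
}

// With capabilities the same delegation is explicit, read-only and revocable.
function capabilityDemo() {
  const file = makeFile('secret');
  const { cap, revoke } = makeRevocable(readOnly(file));
  const before = cap.read();
  revoke();
  let after = 'readable';
  try { cap.read(); } catch (e) { after = e.message; }
  return { before, canWrite: 'write' in cap, after, ownerStill: file.read() };
}
```

In the capability version the recipient never holds the underlying file object, so what it can do is exactly what the forwarder exposes, and only until `revoke()` is called.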
