Access Control Lists versus Capabilities
July 9, 2008 by Antivirus Ware.com - Download Norton Antivirus software instantly!Access Control Lists, or (ACL’s as they are referred to) and Capabilities are the two most basic ways of enforcing privilege separation, a technique that is used to prevent any damage from a security attack on an operating system. ACL semantics have the tendency to be insecure, as well as there being no guarantee of the promise of an ACL to give access of one object to only one person.
Where ACL’s cannot resolve these issues, capabilities can. Generally, this means that utility designers need to take responsibility and ensure that they do not introduce any flaws. It does not mean that flaws are indigenous in all systems that are ACL-based. Historically, ACL’s have been used by commercial systems, whereas capabilities are more commonly used by research operating systems.
Capabilities can also be utilized at the language level which can ultimately result in an essential style of programming that is a refinement of a standard design which is object-oriented. E-language is what is called an open-source in this area. In the 1970’s, the use of capabilities for hardware and software, were demonstrated by both the Plessey System 250 and then later on, the Cambridge CAP computer.
Characteristically, since ACL’s appeared to be the “quick fix” for security purposes, and did not involve any redesigning of the operating system and its hardware, there was a lack of adopting capabilities as the preferred method to resolve the issue. Typically, computers that are not connected to the internet tend to be the most secure and are protected from harmful interference.
