Access Control in a World of Software Diversity
- Martin Abadi ,
- Andrew Birrell ,
- Ted Wobber
Proceedings of the Tenth Workshop on Hot Topics in Operating Systems |
Published by USENIX
We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the programs that have executed, even those of login programs. These identities are based on a naming tree. Our access control lists are patterns that recognize principals. We show how this design supports a variety of access control scenarios.