Access Control in a World of Software Diversity

  • Martin Abadi ,
  • Andrew Birrell ,
  • Ted Wobber

Proceedings of the Tenth Workshop on Hot Topics in Operating Systems |

Published by USENIX

We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the programs that have executed, even those of login programs. These identities are based on a naming tree. Our access control lists are patterns that recognize principals. We show how this design supports a variety of access control scenarios.