Implementations of Access Matix (cont.)

• Capability list:

  • A list of sets (one per domain). Each set has a capability list of the type <object, right-set>. (a row in the matrix).
  • Do not correspond directly to the need of a user (users work with objects).
  • Useful to localize access information for a process (because it executes in one domain).

• A lock-key mechanism:

  • A compromise between access lists and capability lists.
  • Each object has a list of unique locks.
  • Each domain has a list keys.
  • A process executing in a domain can access the object if the domain has a key to one of the object locks.

Previous slide

Next slide

Back to first slide

View graphic version