Revocation of Access Rights

Questions and Answers

What does the possession of values by a user process indicate?

  • The access may not be legitimate. (correct)
  • The user has all necessary permissions.
  • The access is guaranteed to be secure.
  • The access is always legitimate.

    The possession of values by a user process guarantees legitimate access.

    False

    What is the implication of a user program executing a statement successfully?

    It indicates that the user program has access but does not confirm the legitimacy of that access.

    The user process's possession of access values says nothing about whether that access would actually be __________.

    legitimate

    Match the following concepts with their descriptions:

    • Possession of values = Indicates access but not legitimacy
    • User program execution = Can lead to various outcomes
    • Legitimate access = Confirms rightful and authorized entry
    • User process = The executing program in the context

    What is the primary advantage of using back-pointers for revoking capabilities?

    Allows selective revocation of only specific capabilities

    Reacquisition involves periodically deleting capabilities to reduce the number of active capabilities.

    True

    What happens to capabilities when a master key is changed?

    They become invalid.

    The method of __________ allows capabilities to be revoked by deleting an intermediate table entry.

    Indirection

    Which method involves using unique bits for each capability?

    Keys

    Match the revocation method with its description.

    • Reacquisition = Periodic deletion and require reacquisition for access
    • Back-pointers = Pointers from objects to their capabilities
    • Indirection = Capability points to an entry in a global table
    • Keys = Unique bits associated with each capability

    Distributed tables provide a way to centrally modify access and capability information across multiple locations.

    True

    What fundamental challenge is associated with the use of back-pointers in capability revocation?

    Keeping the pointers synchronized and updated.

    In the __________ method, all capabilities are invalidated when the master key is altered.

    Keys

    What happens if a word's high-order bit is 1?

    It is treated as an address.

    A word with a high-order bit of 0 is treated as an address.

    False

    What is the outcome of following pointers when a high-order bit is 1?

    The process continues until a high-order bit of 0 is encountered.

    If the high-order bit is 1, the word is treated as an ______.

    address

    Match the terms with their meanings:

    • High-order bit = Indicates whether data or address
    • Address = Points to another data location
    • Data = Information stored in memory
    • Pointer = Refers to a location in memory

    What defines a word's classification as data?

    High-order bit is 0.

    The process stops when a word with a high-order bit of 1 is reached.

    False

    What does a high-order bit of 1 indicate when processing a word?

    It indicates that the word is treated as an address.

    Following pointers stops at a word whose high-order bit is ______.

    0

    What is the significance of the high-order bit in this context?

    It indicates the type of data or address.

    What is the primary purpose of creating an alias in the context described?

    To give a revocable access right to another user

    An alias allows an object to be permanently accessed without further permissions.

    False

    Who creates the alias for the object?

    A

    To allow B to access the object, A creates an ______ for the object.

    alias

    Match the following terms with their descriptions:

    • Alias = A temporary reference for access rights
    • Revocable access = The ability to revoke granted permissions
    • Capability = A right to access an object
    • Object = The item being accessed or manipulated

    What action does A take to grant B access?

    Creates an alias and provides a capability

    B can access the object directly without the alias created by A.

    False

    What does A provide to B after creating the alias?

    A capability allowing access

    The alias allows B to access the object ______ the rights granted by A.

    through

    Which of the following best describes a capability in this context?

    A right to perform actions on an object

    The process described involves giving away ownership of an object.

    False

    What is the main purpose of using an alias in capability management?

    To easily revoke access to the object

    Indirection allows a capability to contain the actual address of an object.

    False

    Describe the role of the high-order bit in indirect addressing.

    The high-order bit indicates whether a word in memory is an address or actual data.

    The process of __________ is used to access objects through an indirect reference.

    indirection

    Which of the following best describes a capability?

    A reference that includes access rights to the object

    Match the following terms with their definitions:

    • Alias = A proxy to access an object
    • Capability = Access rights to an object
    • Indirect Addressing = Using a non-direct reference to access data
    • Revocation = The process of invalidating access rights

    A capability must always point directly to the memory address of an object.

    False

    Why might a system implement indirection for capabilities?

    To provide flexibility in granting and revoking access without direct modifications.

    In the example of capability revocation, __________ revokes access by invalidating an alias.

    A

    What happens when an alias is invalidated?

    All capabilities related to the alias are considered invalid

    Study Notes

    Revocation of Access Rights

    • Access List

      • Delete access rights from an access list
      • Simple to remove entries, by searching and deleting
      • Can be immediate, general or selective, total or partial, permanent or temporary
    • Capability List

      • Requires a scheme to locate the capability within the system before it can be revoked
      • Reacquisition
        • Periodically deletes capabilities
        • A process must reacquire a deleted capability; reacquisition is denied if access has been revoked
      • Back-pointers
        • Set of pointers from each object to all capabilities of that object (Multics)
        • Maintains a synchronized and updated set of pointers
      • Indirection
        • Capability points to a global table entry, which points to the object
        • Revocation: delete the entry from the global table
        • Not selective (CAL)
      • Keys
        • Unique bits associated with a capability, generated when the capability is created
        • A master key is associated with each object; access is allowed only when the capability's key matches the master key
        • Revocation: Create a new master key
        • Requires a policy decision on who can create and modify the keys (object owner or others)
      • Distributed Tables
        • Centralized tables containing access information and capabilities
        • Can be modified centrally for revocation

    Example of Capability Revocation (Indirection)

    • Indirection - using an indirect reference to access objects.
      • A capability does not directly point to the object, but to an intermediate level, such as an address or alias.
      • Can be used to revoke access easily by invalidating the alias.
    • Case: Object owned by subject A, who wants to give revocable access to subject B.
      • Create a new kind of capability called an alias.
      • A creates an alias for the object and gives the capability to access through the alias to B.
      • A revokes the access by invalidating the alias; because B can reach the object only through the alias, B can no longer access it.
    • Example: In indirect addressing, a register can contain the address of a word. If that word's high-order (tag) bit is 1, the word is itself treated as an address. This pointer search continues until reaching a word with a high-order bit of 0, which is treated as data.
    • Benefits: Allows for flexible revocation without modifying every capability.

    Examples on Capability List

    • String as a Capability: A user process has a string in memory space, identifying a unique object on the system. It does not specify access rights, so it is not a capability.
    • Pair of Values: A pair of values identifies an object with a set of access rights. This pair is still not a capability, because the user's possession of the values does not mean that access is legitimate.
    • Successful Execution: When a user program successfully executes an access statement, the system verifies the validity of the capability, by checking the level of indirection and revoking the capability if the values are not legitimate or the alias has been revoked.

    Description

    This quiz covers the intricacies of revoking access rights in computing systems, focusing on access lists and capability lists. It discusses methods for immediate, general, or selective revocation, including key concepts like reacquisition and back-pointers. Test your understanding of how capabilities are managed and revoked!
