[Cst-1b] CST99 paper4: OS Functions
Nathan Dimmock
ned21@cam.ac.uk
Fri, 12 May 2000 12:41:50 +0100
"M.Y.W.Y.B." wrote:
>
> CST99.4
>
> 7 OS Functions
> Last part ([...T milliseconds...]): I have no clue at all :( Does the
> question refer to any particular section of the notes???
This is sort of Capabilities v ACLs. If you have ACLs then you have the
problem that they are stored with the file and therefore distributed and
duplicated. Therefore if T is small and network file access times slow,
you might not be able to update all the ACLs in the time limit.
In contrast, Capabilities are stored with the user. The problem is, how
do you revoke a capability once it's been issued? One strategy is to
have them expire after time T. There are advantages and disadvantages
of this approach - if T is too small you're going to be refreshing the
capability list of each subject very often - excess network(*) traffic,
lots of work for granting authority, etc. If T is too big then it's
going to take a long time for the new access control to be enforced.
(*) - of course, network might be in the sense of a network of buses
internal to the computer, the question isn't very clear whether we're
dealing with RAID (or similar) or distributed across a network in the
usual sense of the word.
This answer seems quite waffly and imprecise to me, but it was the best
my supervisor could come up with...
--
Nathan
Jesus College, Cambridge, CB5 8BL
http://www-jcsu.jesus.cam.ac.uk/~ned21/