Monday, August 26, 2013

Monitors

granting safe combinations of capabilities in advance, instead they are granted
(or revoked) according to what the program has done so far. So, for example,
a program might start up being allowed to access both the filesystem and the
network, but once it has done one, it is then forbidden from doing the other.
This can also be used to enforce Chinese Walls – once the user has accessed
files relating to client A, they can no longer access files relating to client B, and
vice versa.
The best-known example of this kind of system is SELinux[6].
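
The history-dependent decision described above, sketched as a small reference monitor. This is an added example, not code from the original post and not how SELinux is implemented; the `Monitor` class, the label names and the request trace are constructed for illustration.

```python
class Monitor:
    """Decides each request from what the subject has already done.

    conflict_sets: groups of mutually exclusive labels. Once a subject has
    used one label from a group, every other label in that group is refused.
    """

    def __init__(self, conflict_sets):
        self.conflict_sets = [frozenset(s) for s in conflict_sets]
        self.history = {}  # subject -> set of labels already exercised

    def check(self, subject, label):
        """Return the conflicting label already used, or None if allowed."""
        used = self.history.get(subject, set())
        for group in self.conflict_sets:
            if label in group:
                clash = (used & group) - {label}
                if clash:
                    return sorted(clash)[0]
        return None

    def request(self, subject, label):
        """Allow and record the access, or refuse it. Refusals leave history unchanged."""
        if self.check(subject, label) is not None:
            return False
        self.history.setdefault(subject, set()).add(label)
        return True


# Constructed request trace: (subject, label) in the order the requests arrive.
TRACE = [("prog", "network"), ("prog", "network"), ("prog", "filesystem"),
         ("alice", "client_A"), ("alice", "client_B"), ("bob", "client_B")]


def run_demo():
    """Replay TRACE against the two policies from the text and return the decisions."""
    mon = Monitor([{"filesystem", "network"}, {"client_A", "client_B"}])
    return [(s, l, "allow" if mon.request(s, l) else "deny") for s, l in TRACE]


if __name__ == "__main__":
    for row in run_demo():
        print(*row)
```

The same label can be allowed for one subject and denied for another, because the decision depends on each subject's own history rather than on a fixed grant.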
