About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
Computing systems
Paper
Fine-grained access control in a transactional object-oriented system
Abstract
We believe that access controls for object-oriented systems should be fine-grained and thus apply to individual methods of individual objects. The efficient support of fine-grained access control is challenging because a check is done on every method invocation. We present a design that uses access control lists (ACLs) and exploits virtual memory facilities to make these checks run fast. The costs include an extra level of indirection for method invocation and per-user storage for preprocessed access control information. Given a choice between immediacy of revocation and serializability of transactions, we selected a compromise that uses a nested top-level transaction for each invocation of an ACL method.