A Simple and Efficient Object-Capability Revocation Method

Revocation is important but difficult in object-capability based systems. As an essential mechanism of capability management, revocation provides the basis for canceling of granted access rights and reclaiming of shared resources. However, efficient revocation of capabilities is difficult to achieve due to the considerations for selective revocation and safety. In this paper, we propose an simple and efficient object-capability revocation method. We are inspired by the classic garbage collection algorithm Mark-and-Sweep algorithm, and decouple revocation process to two phases. In the first phase, capabilities are centrally set to be invalid or masked, by updating related fields in capability tap. In the second phase, this method trigger Rust's memory reclaim mechanism to sweep the disabled capabilities safely. Additionally, the sweep progress can be done as lazy sweeping to support fast revocation returning. Our revocation method can support selective revocation more efficiently than the existing methods, and the revocation process is concise and safe.