Non-delegatable authorities in capability systems

Murray, Toby; Grove, D. A.

doi:10.3233/jcs-2008-0314

Cited by 10 publications

(7 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A capability [40], fuses access to, and designation of, a protected resource into a single, unforgeable reference. The object capability security model [28] implements confinement [30], revocation, and multi-level security [41]; offers patterns for non-delegation [42]; resolves the problem of the Confused Deputy [43], [44]; and is a base mechanism for information flow control [45], [46]. The Emerald language [47] is an early example of an object capability language.…”

Section: Example/evaluationmentioning

confidence: 99%

COAST: An Architectural Style for Decentralized On-Demand Tailored Services

Gorlick

Strasser

Taylor

2012

2012 Joint Working IEEE/IFIP Conference on Software Architecture and European Conference on Software Architecture

View full text Add to dashboard Cite

Decentralized systems are systems-of-systems whose services are governed by two or more separate organizations under distinct spheres of authority. Coordinated evolution of the various elements of a decentralized system may be difficult, if not impossible, as individual organizations evolve their service offerings in response to organizationand service-specific pressures, including market demand, technology, competitive and cooperative interests, and funding. Consequently, decentralized services offer unique challenges for evolution and adaptation that reach well beyond any one single organizational boundary. However, client-driven service customization and tailoring is a powerful tool for meeting conflicting, independent client demands in an environment where disorderly and uneven service evolution predominates. To this end, we contribute an architectural style, COmputAtional State Transfer (COAST), designed to provide extensive, safe, and secure client-directed customization of decentralized services. COAST combines mechanisms from software architecture, cryptography, security, and programming languages, granting application architects flexible provisioning of their core services and assets while protecting those services and assets from attack and misuse.

show abstract

Section: Example/evaluationmentioning

confidence: 99%

COAST: An Architectural Style for Decentralized On-Demand Tailored Services

Gorlick

Strasser

Taylor

2012

2012 Joint Working IEEE/IFIP Conference on Software Architecture and European Conference on Software Architecture

View full text Add to dashboard Cite

show abstract

“…A capability [13], fuses access to, and designation of, a protected resource into a single, unforgeable reference. The object capability security model [36] implements confinement [46], revocation, and multilevel security [37]; offers patterns for non-delegation [39]; resolves the problem of the Confused Deputy [12,28]; and is a base mechanism for information flow control [6,38]. The Emerald language [43] is an early example of an object-capability language.…”

Section: Related Workmentioning

confidence: 99%

Communication and Capability URLs in COAST-based Decentralized Services

Gorlick

Taylor

2013

REST: Advanced Research Topics and Practical Applications

View full text Add to dashboard Cite

Decentralized systems are systems-of-systems whose services are governed by two or more separate organizations under distinct spheres of authority. Coordinated evolution of the various elements of a decentralized system may be difficult, if not impossible, as individual organizations evolve their service offerings in response to organization-and service-specific pressures, including market demand, technology, competitive and cooperative interests, and funding. Consequently, decentralized services offer unique challenges for evolution and adaptation that reach well beyond any one single organizational boundary. However, client-driven service customization and tailoring is a powerful tool for meeting conflicting, independent client demands in an environment where disorderly and uneven service evolution predominates. Computational State Transfer (COAST) relies on capability security to minimize the risks of client-driven customization, for which fine-grain management of communication capability is critical. We introduce the Capability URL (CURL) as the unit of communication capability and show how two distinct mechanisms, communication capability and mobile code, can be combined to express and enforce constraints on the communications among decentralized computations.

show abstract

“…Another perceived weakness of capability systems is a perceived lack of support for mandatory security policies [26]. Recent research is beginning to show, however, that these concerns may not be too burdensome if an appropriate capability model is used [18,20,23]. …”

Section: Capability Architecturesmentioning

confidence: 99%

“…Although the details of our implementation are beyond the scope of this paper, we used the following basic approach: (1) the router's initial traffic filtering policies completely firewall all newly connected clients from sending or receiving any traffic, other than to the MiniSec device controlling the router; (2) the router control object would cause the broadcast of an authentication beacon containing a weakly permissive capability for itself to any potential MiniSec clients that have roamed onto the network, thus allowing them to initiate capability-based authentication with the Brick; (3) this new client would address the router control object using the beacon capability and attach a capability to a credential object proving that it is cleared to the appropriate level (see [20] for more details about this step); and (4) the router control object would modify the router's traffic-filtering rules allowing the newly authenticated MiniSec device to access the network.…”

Section: Bricksmentioning

confidence: 99%

An Overview of the Annex System

Grove

Murray

Owen

et al. 2007

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

View full text Add to dashboard Cite

This paper describes the security and network architecture of the Annex system, a family of technologies for secure and pervasive communication and information processing that we have developed at the Australian Government's Defence Science and Technology Organisation. Our security architecture is built on top of a distributed object-capability system, which we believe provides an ideal platform for developing very high assurance devices. Our network architecture revolves around next generation networking technologies, including Mobile IPv6 and 802.11i wireless networking, but includes a small number of important extensions to improve security, robustness and mobility in the military context. A particular and unique contribution of our work is the tight integration of our very strong security architecture with next generation networking technologies. To complete the paper we describe our reference implementation of the Annex security and networking architecture, which consists of a number of devices known collectively as the Annex Ensemble.

show abstract

Non-delegatable authorities in capability systems

Cited by 10 publications

References 18 publications

COAST: An Architectural Style for Decentralized On-Demand Tailored Services

COAST: An Architectural Style for Decentralized On-Demand Tailored Services

Communication and Capability URLs in COAST-based Decentralized Services

An Overview of the Annex System

Contact Info

Product

Resources

About