Secure Abstraction with Code Capabilities
Robbert van Renesse, Håvard Johansen, Nihar Naigaonkar, and Dag Johansen

TL;DR
This paper introduces a novel capability-based security mechanism that embeds executable code within cryptographically protected tokens, enabling flexible and secure access control in cloud environments.
Contribution
It presents a new approach combining X.509 certificates and JavaScript code to support secure, flexible, and revocable access rights in cloud computing.
Findings
Supports restricted delegation and rights amplification
Enables confinement and revocation of capabilities
Implemented entirely in user space
Abstract
We propose embedding executable code fragments in cryptographically protected capabilities to enable flexible discretionary access control in cloud-like computing infrastructures. We are developing this as part of a sports analytics application that runs on a federation of public and enterprise clouds. The capability mechanism is implemented completely in user space. Using a novel combination of X.509 certificates and JavaScript code, the capabilities support restricted delegation, confinement, revocation, and rights amplification for secure abstraction.
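To make the idea of a code capability with restricted delegation concrete, here is an added sketch that is not taken from the paper and is not the authors' design. It assumes bare Ed25519 keys in place of X.509 certificates, Node's vm module in place of a real sandbox, and hypothetical names (issue, delegate, check) and request fields (op, path).

```javascript
// Added illustration: a signed token that carries a JavaScript policy fragment.
// Assumptions: Ed25519 keys stand in for the X.509 certificates the abstract names;
// node:vm stands in for a real sandbox (it is NOT a security boundary).
const crypto = require('node:crypto');
const vm = require('node:vm');

const pubPem = (k) => k.export({ type: 'spki', format: 'pem' });
const body = (c) => JSON.stringify([c.parent ? c.parent.sig : null, c.code, c.holder]);

// Issue a capability: the signer binds a policy fragment to the holder's public key.
function issue(signerPriv, code, holderPub, parent = null) {
  const cap = { parent, code, holder: pubPem(holderPub) };
  cap.sig = crypto.sign(null, Buffer.from(body(cap)), signerPriv).toString('base64');
  return cap;
}

// Restricted delegation: the current holder signs a new link with a further fragment.
const delegate = (cap, holderPriv, code, nextPub) => issue(holderPriv, code, nextPub, cap);

// Verify each link back to the service root, then run each fragment; all must allow.
function check(cap, rootPub, request) {
  for (let c = cap; c; c = c.parent) {
    const signer = c.parent ? c.parent.holder : pubPem(rootPub);
    const ok = crypto.verify(null, Buffer.from(body(c)), signer, Buffer.from(c.sig, 'base64'));
    if (!ok) return false;
    try {
      const ctx = { req: Object.freeze({ ...request }) };
      if (vm.runInNewContext(`(${c.code})(req)`, ctx, { timeout: 50 }) !== true) return false;
    } catch { return false; }
  }
  return true; // proof that the presenter holds the last link's key is omitted here
}

// Constructed demo: the service grants Alice a path prefix; Alice gives Bob read-only.
function demo() {
  const kp = () => crypto.generateKeyPairSync('ed25519');
  const service = kp(), alice = kp(), bob = kp();
  const root = issue(service.privateKey, 'r => r.path.startsWith("/team-a/")', alice.publicKey);
  const readOnly = delegate(root, alice.privateKey, 'r => r.op === "read"', bob.publicKey);
  const forged = { ...readOnly, code: 'r => true' }; // fragment altered after signing
  return {
    aliceWrite: check(root, service.publicKey, { op: 'write', path: '/team-a/match1' }),
    bobRead: check(readOnly, service.publicKey, { op: 'read', path: '/team-a/match1' }),
    bobWrite: check(readOnly, service.publicKey, { op: 'write', path: '/team-a/match1' }),
    bobOther: check(readOnly, service.publicKey, { op: 'read', path: '/team-b/match9' }),
    forged: check(forged, service.publicKey, { op: 'write', path: '/team-a/match1' }),
  };
}
console.log(demo());
```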
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Cryptography and Data Security
