Secure Abstraction with Code Capabilities

Executive Summary

The authors propose embedding executable code fragments in cryptographically protected capabilities to enable flexible discretionary access control in cloud-like computing infrastructures. They are developing this as part of a sports analytics application that runs on a federation of public and enterprise clouds. The capability mechanism is implemented completely in user space. Using a novel combination of X.509 certificates and JavaScript code, the capabilities support restricted delegation, confinement, revocation, and rights amplification for secure abstraction. The predominant way of providing discretionary access control in the cloud is through a combination of authentication and access control lists.

  • Format: PDF
  • Size: 121.86 KB