Secure Abstraction with Code Capabilities

Provided by: Cornell University
Topic: Security
Format: PDF
The authors propose embedding executable code fragments in cryptographically protected capabilities to enable flexible discretionary access control in cloud-like computing infrastructures. They are developing this as part of a sports analytics application that runs on a federation of public and enterprise clouds. The capability mechanism is implemented completely in user space. Using a novel combination of X.509 certificates and JavaScript code, the capabilities support restricted delegation, confinement, revocation, and rights amplification for secure abstraction. The predominant way of providing discretionary access control in the cloud is through a combination of authentication and access control lists.

Find By Topic