Sharing and protection in a single-address-space operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Capability-Based Computer Systems
Capability-Based Computer Systems
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
The Accredited Symbian Developer Primer: Fundamentals of Symbian OS (Symbian Press)
The Accredited Symbian Developer Primer: Fundamentals of Symbian OS (Symbian Press)
Homeviews: peer-to-peer middleware for personal data sharing applications
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
Capability file names: separating authorisation from user management in an internet file system
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Capability-based egress network access control by using DNS server
Journal of Network and Computer Applications
An Access Control Model for Web-Services That Supports Delegation and Creation of Authority
ICN '08 Proceedings of the Seventh International Conference on Networking
Operating System Concepts
Hi-index | 0.00 |
We present CapaCon, an access control mechanism for interdevice communications through TCP connections. CapaCon provides capability-based access control for a system composed of devices. Using CapaCon, an administrator does not need to set access control policies for each device and can manage these policies outside the system. A capability consists of an object device identifier and the list of permitted operations for that object device. Subject devices that maintain capabilities can access object devices corresponding with those capabilities. To protect a capability from being fabricated, CapaCon uses a digital signature. CapaCon can be used without modifying existing device programs. We analyzed the safety of capabilities in CapaCon, and measured network throughputs and processing times of CapaCon. These experimental results show the practicality of CapaCon.