CapaCon: access control mechanism for inter-device communications through TCP connections

Authors:
Mitsuhiro Mabuchi;Yasushi Shinjo;Koji Hasebe;Akira Sato;Kazuhiko Kato
Affiliations:
University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan
Venue:
Proceedings of the 2010 ACM Symposium on Applied Computing
Year:
2010

Citing 13
Cited 0

Amoeba: A Distributed Operating System for the 1990s

Computer
Sharing and protection in a single-address-space operating system

ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
EROS: a fast capability system

Proceedings of the seventeenth ACM symposium on Operating systems principles
HYDRA: the kernel of a multiprocessor operating system

Communications of the ACM
Capability-Based Computer Systems

Capability-Based Computer Systems
TrustedBSD: Adding Trusted Operating System Features to FreeBSD

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel

Proceedings of the 11th USENIX Security Symposium
The Accredited Symbian Developer Primer: Fundamentals of Symbian OS (Symbian Press)

The Accredited Symbian Developer Primer: Fundamentals of Symbian OS (Symbian Press)
Homeviews: peer-to-peer middleware for personal data sharing applications

Proceedings of the 2007 ACM SIGMOD international conference on Management of data
Capability file names: separating authorisation from user management in an internet file system

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Capability-based egress network access control by using DNS server

Journal of Network and Computer Applications
An Access Control Model for Web-Services That Supports Delegation and Creation of Authority

ICN '08 Proceedings of the Seventh International Conference on Networking
Operating System Concepts

Operating System Concepts

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present CapaCon, an access control mechanism for interdevice communications through TCP connections. CapaCon provides capability-based access control for a system composed of devices. Using CapaCon, an administrator does not need to set access control policies for each device and can manage these policies outside the system. A capability consists of an object device identifier and the list of permitted operations for that object device. Subject devices that maintain capabilities can access object devices corresponding with those capabilities. To protect a capability from being fabricated, CapaCon uses a digital signature. CapaCon can be used without modifying existing device programs. We analyzed the safety of capabilities in CapaCon, and measured network throughputs and processing times of CapaCon. These experimental results show the practicality of CapaCon.