In distributed systems, capability-based security provides substantial performance and scalability advantages over traditional user-based authentication. Unfortunately, the usual implementation of this concept in a networked context, the password capability, suffers from uncontrolled rights propagation: once a capability has been issued, its issuer no longer has any control over its delegation, because its password can be disseminated, maliciously or accidentally, in arbitrary ways. This paper introduces BottleCap, a capability container that addresses this problem. Using Trusted Computing technologies, BottleCap binds capabilities to the machine to which they are issued, holding their secrets in sealed storage. Users can still freely wield the rights represented by the capabilities they hold, but cannot discover the secrets underpinning those capabilities, so those rights cannot be delegated except under the supervision of BottleCap.
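The following Python simulation is an added illustration of the problem and the remedy described above; it is not BottleCap's code. A resource server issues password capabilities (knowing the 32-byte password is holding the right, so copying it is irrevocable full delegation), and a container holds such passwords sealed to one machine, exposing only a per-request proof of possession. Everything concrete here is an assumption: TPM sealing is stood in for by a keystream derived from a constructed per-machine secret, the challenge/response proof format and the `derive` call used for supervised delegation are a hypothetical design, and all names are made up.

```python
"""Password capabilities vs. a BottleCap-style container (illustrative simulation;
TPM sealing and the proof/derive protocol are assumed stand-ins, not the paper's)."""
import hashlib
import hmac
import secrets


def proof_of(password, cap_id, op, nonce):
    """Proof of possession: anyone who knows the password bytes can compute this."""
    msg = b"|".join([cap_id.encode(), op.encode(), nonce])
    return hmac.new(password, msg, hashlib.sha256).digest()


class ResourceServer:
    """Issues password capabilities; holding the password is holding the right."""

    def __init__(self):
        self._caps = {}        # cap_id -> (password, rights)
        self._nonces = set()   # outstanding one-time challenges

    def issue(self, rights):
        cap_id = secrets.token_hex(8)
        password = secrets.token_bytes(32)
        self._caps[cap_id] = (password, frozenset(rights))
        return cap_id, password

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def _verify(self, cap_id, op, nonce, proof):
        """Return the capability's rights if the proof is valid, else None."""
        if nonce not in self._nonces or cap_id not in self._caps:
            return None
        self._nonces.discard(nonce)   # one-time nonce: a captured proof cannot be replayed
        password, rights = self._caps[cap_id]
        if not hmac.compare_digest(proof_of(password, cap_id, op, nonce), proof):
            return None
        return rights

    def request(self, cap_id, op, nonce, proof):
        rights = self._verify(cap_id, op, nonce, proof)
        return rights is not None and op in rights

    def derive(self, cap_id, subset, nonce, proof):
        """Assumed supervised-delegation hook: a valid proof for the parent yields a
        fresh child capability whose rights are a subset of the parent's."""
        rights = self._verify(cap_id, "derive", nonce, proof)
        if rights is None or not frozenset(subset) <= rights:
            return None
        return self.issue(subset)


def seal(platform_secret, cap_id, data):
    """Stand-in for TPM sealing: XOR with a pad only this platform can derive.
    Symmetric, so the same call unseals; a blob copied to another machine is useless."""
    pad = hashlib.sha256(platform_secret + b"|seal|" + cap_id.encode()).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class BottleCapContainer:
    """Holds capability secrets sealed to one machine and exposes only their use."""

    def __init__(self, platform_secret):
        self._platform_secret = platform_secret   # simulated TPM sealing key
        self._sealed = {}                          # cap_id -> sealed password

    def install(self, cap_id, password):
        self._sealed[cap_id] = seal(self._platform_secret, cap_id, password)

    def prove(self, cap_id, op, nonce):
        """The user can wield the right per request but never sees the password."""
        password = seal(self._platform_secret, cap_id, self._sealed[cap_id])  # unseal
        return proof_of(password, cap_id, op, nonce)

    def export_sealed(self):
        """What an attacker who copies the container's storage actually obtains."""
        return dict(self._sealed)

    def import_sealed(self, blobs):
        self._sealed.update(blobs)

    def delegate(self, server, cap_id, subset, recipient):
        """Delegation only through the container: obtain a narrower child from the
        issuer and install it straight into the recipient's container (a real
        deployment would seal it to the recipient's platform, not hand it over in clear)."""
        nonce = server.challenge()
        child = server.derive(cap_id, subset, nonce, self.prove(cap_id, "derive", nonce))
        if child is None:
            return None
        child_id, child_password = child
        recipient.install(child_id, child_password)
        return child_id
```

With a bare password capability, a holder and anyone they leak the bytes to are indistinguishable to the server; with the container, copying the sealed blobs to a second machine yields proofs the server rejects, and the only delegation path is `delegate`, which can narrow rights but never widen them. The one-time nonce is the minimum needed to stop a captured proof from being replayed; a production protocol would also bind the request body and a time window.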