Encrypted Pointers in Protection System Design
The Computer Journal
With reference to a distributed system consisting of nodes connected by a local area network, we consider a salient aspect of the protection problem, the representation of access permissions and protection domains. We present a model of a protection system supporting typed objects. Possession of an access permission for a given object is certified by possession of an object pointer including the specification of a set of access rights. We associate an encryption key with each object and a password with each domain. Object pointers are stored in memory in a ciphertext form obtained by using the object key and including the value of the domain password. Each process is executed in a domain and can take advantage of a given object pointer only if this object pointer was encrypted by including the password of this domain. A set of protection primitives makes it possible to use object pointers for object reference and to control the movements of the objects across the network. The resulting protection environment is evaluated from a number of salient viewpoints, including ease of access right distribution and revocation, interprocess interaction and cooperation, protection against fraudulent actions of access right manipulation and stealing, storage overhead, and network traffic.
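A sketch of the pointer sealing the abstract describes, added here as an illustration and not taken from the paper: a pointer is the ciphertext of (object id, rights, domain password) under the object's key, and it is honoured only in the domain whose password it contains. The field layout, rights bits, function names and the 4-round HMAC-based Feistel cipher (a standard-library stand-in for a vetted block cipher) are assumptions.

```python
import hashlib, hmac, struct

HALF = 16              # Feistel half size; one sealed pointer is a 32-byte block
LAYOUT = ">QB7x16s"    # assumed layout: object id, rights bitmap, zero pad, domain password
READ, WRITE = 0x1, 0x2 # assumed rights bits

def _f(key, i, data):
    """Round function: HMAC-SHA256 under the object key, truncated to one half."""
    return hmac.new(key, bytes([i]) + data, hashlib.sha256).digest()[:HALF]

def _feistel(key, block, rounds):
    left, right = block[:HALF], block[HALF:]
    for i in rounds:
        mask = _f(key, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return right + left  # final swap makes decryption the same walk in reverse order

def seal_pointer(obj_key, obj_id, rights, domain_password):
    """Encrypt (object id, rights, domain password) under the object's key."""
    plain = struct.pack(LAYOUT, obj_id, rights, domain_password)
    return _feistel(obj_key, plain, range(4))

def open_pointer(obj_key, obj_id, domain_password, pointer, wanted):
    """True only if the pointer decrypts to this object, the calling domain's
    password, and a rights set that covers `wanted`."""
    if len(pointer) != 2 * HALF:
        return False
    plain = _feistel(obj_key, pointer, reversed(range(4)))
    if plain[9:16] != bytes(7):  # pad must decrypt to zero, else forged or corrupted
        return False
    got_id, rights, got_pw = struct.unpack(LAYOUT, plain)
    return (got_id == obj_id
            and hmac.compare_digest(got_pw, domain_password)
            and (rights & wanted) == wanted)

# Constructed sample values: one object key and two 16-byte domain passwords.
FILE_KEY = bytes(range(32))
DOMAIN_A, DOMAIN_B = b"A" * 16, b"B" * 16
PTR = seal_pointer(FILE_KEY, 42, READ, DOMAIN_A)
```

A pointer copied into another domain, or modified in memory to claim extra rights, fails `open_pointer` because the decrypted password or pad no longer matches.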