The ability to access and share information over the Internet has introduced the need for new flexible, dynamic and fine-grained access control mechanisms. None of the current mechanisms for sharing information - distributed file systems and the web - offer adequate support for sharing in a large and highly dynamic group of users. Distributed file systems lack the ability to share information with unauthenticated users, and the web lacks fine-grained access controls, i.e. the ability to grant individual users access to selected files. In this paper we present Capability File Names, a new access control mechanism, in which self-certifying file names are used as sparse capabilities that allow a user ubiquitous access to his files and enable him to delegate this right to a dynamic group of remote users. Encoding the capability in the file name has two major advantages: it is self-supporting and it ensures full compatibility with existing programs. Capability file names have been implemented in a new file system called CapaFS. CapaFS separates user identification from authorisation, thus allowing users to share selected files with remote users without the intervention of a system administrator. The implementation of CapaFS is described and evaluated in this paper.