Bracket Capabilities for Distributed Systems Security

9 years 10 months ago
Bracket Capabilities for Distributed Systems Security
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Research systems based on capabilities provide a more secure mechanism but also fail to support more flexible security constraints such as parameter restrictions, logging and state-dependent access. They also fail to enforce a strict need-to-know view of a persistent object for each user. In this paper we present the concept of bracket capabilities as a new, simple security mechanism which fulfils these requirements. We discuss the reasons for integrating bracketing and view types at a fundamental level of the security mechanism. We demonstrate the use of the mechanism in a simple Ecommerce environment to provide secure electronic cheques and describe a prototype implementation of the mechanism in middleware for secure, distributed Java applications.
Mark Evered
Added 14 Jul 2010
Updated 14 Jul 2010
Type Conference
Year 2002
Where ACSC
Authors Mark Evered
Comments (0)