Bracket Capability For Distributed Systems Security



  1. Bracket Capability for Distributed Systems Security. Talal A. Alsubaie, presenting Evered's paper (2001).
  2. Overview
       • Protection in Operating System
       • Distributed System Security
       • Access Control
       • Access control lists
       • Capabilities
       • Case Study
       • Bracket Capabilities
       • Bracket Capabilities Implementation
  3. Protection in Operating System
       • Protection features are provided by the O.S.
       • There are many approaches to controlling access to objects:
           • Access Control Matrix, ACL, Capabilities
       • Most security concerns are about “controlling access”.
  4. Protection in Operating System
       • Entities that can perform actions in the system are called subjects, e.g. (Ahmed account).
       • Entities representing resources to which access may need to be controlled are called objects, e.g. (xyz file).
       Diagram labels: Object, Subject, Access
  5. Protected Objects
       • Typical objects we desire to protect:
           • Memory
           • Disk and tape drives
           • Printers
           • Programs
           • Networks
           • Data
           • …
  6. Distributed System Security
       • Components of a distributed system can be viewed as objects according to the object-oriented paradigm.
       • One advantage of an object-oriented approach is that the security can be based on the interface methods of an object.
       • In this presentation, we'll talk about access control in object-oriented programming.
  7. Access Control
       • Is the ability to permit or deny the use of a particular resource by a particular entity.
       • Access control mechanisms can be used in managing:
           • Physical resources
               • Accessing the University.
           • Logical resources
               • Banking Account.
           • Digital resources
               • Text document.
       • We'll have an example of a Banking System.
  8. Access Control
       Diagram labels: Request for Operation, Authorize Request
       • Imagine a server with a number of entities (which we will call objects) under its control.
       • Requests come in, but are allowed only if the sender has sufficient access rights.
       • Access control is how those rights are verified.
  9. Access Control List (ACL)
  10. Access Control List (ACL)
       • A list of permissions attached to an object.
       • The list specifies who is allowed to access the object and what operations are allowed to be performed on the object.
       • Each entry in the list specifies a subject and an operation.
           • Example: (Ahmed, Write), (Saleh, Read), (Mohammed, Read/Write) on XYZ file.
  11. General Schema
       • One list for each object.
       • Shows all users who have access.
       • Shows what access each user has.
       • Can have default entries for any users.
           • Specific users have explicit rights and all other users have default rights.
           • Objects can be shared by all possible users.
       Example ACL:
           Ahmed       R
           Mohammed    R/W
           Talal       W
           Omar        Deny
  12. How Does an ACL Work?
       Diagram: the subject (s) creates a request (r); the pair (r, s) is sent to the object, which consults its ACL:
           if (s appears in ACL)
               if (r appears in ACL[s])
                   grant access;
  13. Capabilities
  14. Capabilities
       • A capability is a token (or ticket or key) which:
           • Gives the possessor certain rights to an object.
           • Must be unforgeable.
           • May grant transfer (or propagate) rights.
               • Something like delegation of authority.
               • A right to pass copies of capabilities to others.
               • Also should be able to revoke the capability.
           • User holds a “ticket” for each resource.
       • Example: (XYZ, delete), held by Ahmed
  15. How Do Capabilities Work?
       Diagram: the subject creates a request (r) for object (o) and passes a capability (C); the pair (r, o) and the capability (C) are sent to the object, which checks:
           if (r appears in C)
               grant access;
  16. Case Study
       • E-Banking System using Java
  17. Java Interface
       • An interface is a contract between a class and the outside world.
       • When a class implements an interface, it promises to provide the behavior published by that interface.

           interface Bicycle {
               void changeGear(int newValue);
               void speedUp(int increment);
               void applyBrakes(int decrement);
           }

           class MyBicycle implements Bicycle {
               // remainder of this class
           }
  18. Banking System
       Diagram: a Bank Account object
  19. Account Object

           class Accounts {
               void new(Key newKey, String name);
               void deposit(Key key, Currency amount);
               void withdraw(Key key, Currency amount);
               Currency balance(Key key);
               String getName(Key key);
               void setInterest(Percent rate);
               void transfer(Key fromKey, Key toKey, Currency amount);
           }
  20. Semantic Role-based Access Control
       • Access rights can be granted on the basis of the roles of the users.
       • A bank teller may have access to the deposit and withdraw methods.
       Diagram label: Teller
  21. Semantic Role-based Access Control
       • Access rights can be granted on the basis of the roles of the users.
       • A bank teller may have access to the deposit and withdraw methods.
       • The bank manager may also have access to the method for setting the interest rate.
       Diagram label: Bank Manager
  22. Semantic Role-based Access Control
       • In terms of per-method access control, the previous mechanism is not ideal.
           • All the methods of the object are still known to all the users even if they cannot be called.
       • Ideally, in a need-to-know security environment, someone who is not allowed to invoke a method should not KNOW of the existence of that method.
  23. Extending Role-based Security
       • An ATM only requires access to the withdraw and balance methods of an Accounts object.
       • Define a view for the ATMAccount.

           interface ATMAccounts {
               void withdraw(Key key, Currency amount);
               Currency balance(Key key);
           }
  24. Extending Role-based Security
       • What access to an Accounts object should be given to the owner of an individual account?
       • We must ensure that only the right account is being accessed.
       • This means that the Key parameter of balance and getName and the fromKey parameter of transfer must be restricted to a particular value (Owner's Account #).
  25. Extending Role-based Security
       • We would like the account owner to view the object as if it had the type:

           interface MyAccount {
               Currency balance();
               String getName();
               void transfer(Key toKey, Currency amount);
           }

       • The MyAccount object can be seen as a virtual object.
  26. Bracket Capabilities
  27. Bracket Capabilities
       • To gain access to an object, the object is “opened” using a capability.
           • For example:

               Accounts acc=;

           • Where c is a variable of type Capability.
  28. Bracket Capabilities
       • Each persistent object, as well as implementing an interface such as Accounts, also implements the standard interface Persistent, which includes methods such as deleteObject, deleteCapability and refine.
       • The refine method is called when the possessor of a capability wishes to grant a more restricted view of the object to other users in the system.
       • The refine method is called as:

           x =;
           Capability cref = x.refine(interface, class);
  29. Bracket Capabilities

           x =;
           Capability cref = x.refine(interface, class);

       Diagram labels: Capability c, Capability cref, Interface, Bracketing Object
  30. Bracket Capabilities
       • It can be seen that calls using the capability cref are directed through a kind of proxy or bracketing object.
       Diagram labels: Capability c, Capability cref, Interface, Bracketing Object
  31. Bracket Capabilities Implementation

           acc =;
           Capability AtmCap = acc.refine(ATMAccounts , Account);

       Diagram labels: Capability objc, Capability AtmCap, ATMAccount
  32. Bracket Capabilities Implementation
       Diagram labels: Capability objc, Capability AtmCap, ATMAccount; the result of a further 'refine' operation: Capability cref2, Interface2
  33. Talal A. Alsubaie. eMail: [email_address] Website:
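
The two checks from slides 12 and 15, side by side, as an added example that is not code from the slides or the paper. The ACL data reuses the XYZ file entries from slide 10; sealing the capability with an HMAC under a server-only key is an assumption of this sketch (one way to meet the "must be unforgeable" requirement), and the key value is constructed. It needs Java 16 or later for `record`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class AclVsCapability {
    // ACL: the object stores (subject -> operations), as in the XYZ file example.
    static final Map<String, Set<String>> XYZ_ACL = Map.of(
        "Ahmed", Set.of("write"),
        "Saleh", Set.of("read"),
        "Mohammed", Set.of("read", "write"));

    static boolean aclAllows(String subject, String request) {
        Set<String> ops = XYZ_ACL.get(subject);       // does s appear in the ACL?
        return ops != null && ops.contains(request);  // does r appear in ACL[s]?
    }

    // Capability: a ticket naming (object, right), sealed with a server-only key so
    // the holder cannot forge or widen it. HMAC sealing is an assumption of this sketch.
    record Capability(String object, String right, byte[] seal) {}

    static final byte[] SERVER_KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    static byte[] seal(String object, String right) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SERVER_KEY, "HmacSHA256"));
        return mac.doFinal((object + "\n" + right).getBytes(StandardCharsets.UTF_8));
    }

    static Capability issue(String object, String right) throws Exception {
        return new Capability(object, right, seal(object, right));
    }

    // The server checks the ticket only; it never asks who the caller is.
    static boolean capAllows(Capability c, String object, String request) throws Exception {
        return c.object().equals(object) && c.right().equals(request)
            && MessageDigest.isEqual(c.seal(), seal(c.object(), c.right()));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("ACL, Saleh write: " + aclAllows("Saleh", "write"));
        Capability ahmed = issue("XYZ", "delete");    // slide 14: (XYZ, delete), held by Ahmed
        System.out.println("valid ticket: " + capAllows(ahmed, "XYZ", "delete"));
        Capability widened = new Capability("XYZ", "write", ahmed.seal());
        System.out.println("widened ticket: " + capAllows(widened, "XYZ", "write"));
    }
}
```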
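
The bracketing object of slides 23 to 32, sketched with `java.lang.reflect.Proxy` as an added example; it is not code from the slides or from the paper. `refine` here is a hypothetical static helper, `Key` and `Currency` are simplified to `String` and `long`, `MyAccount` is cut down to `balance`, and the account id and amounts are constructed.

```java
import java.lang.reflect.*;
import java.util.*;

public class BracketDemo {
    // Slide interfaces, simplified: Key -> String, Currency -> long (assumption).
    interface Accounts {
        void deposit(String key, long amount);
        void withdraw(String key, long amount);
        long balance(String key);
        void setInterest(double rate);
    }
    interface ATMAccounts { void withdraw(String key, long amount); long balance(String key); }
    interface MyAccount { long balance(); }

    static class Bank implements Accounts {
        private final Map<String, Long> funds = new HashMap<>();
        public void deposit(String k, long a) { funds.merge(k, a, Long::sum); }
        public void withdraw(String k, long a) {
            if (balance(k) < a) throw new IllegalStateException("insufficient funds");
            funds.merge(k, -a, Long::sum);
        }
        public long balance(String k) { return funds.getOrDefault(k, 0L); }
        public void setInterest(double r) { /* not needed for this demo */ }
    }

    // Hypothetical refine(): builds a bracketing object that exposes only `view`.
    // A non-null boundKey is prepended to every call (the MyAccount case).
    static <V> V refine(Accounts target, Class<V> view, String boundKey) {
        InvocationHandler bracket = (proxy, m, args) -> {
            if (m.getDeclaringClass() == Object.class) return m.invoke(target, args);
            List<Object> in = new ArrayList<>();
            if (args != null) Collections.addAll(in, args);
            List<Class<?>> types = new ArrayList<>(Arrays.asList(m.getParameterTypes()));
            if (boundKey != null) { in.add(0, boundKey); types.add(0, String.class); }
            // Only methods that also exist on Accounts can be forwarded.
            Method real = Accounts.class.getMethod(m.getName(), types.toArray(new Class<?>[0]));
            try { return real.invoke(target, in.toArray()); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return view.cast(Proxy.newProxyInstance(view.getClassLoader(), new Class<?>[] { view }, bracket));
    }

    public static void main(String[] argv) {
        Bank bank = new Bank();
        bank.deposit("acct-1", 100);                              // constructed sample data
        ATMAccounts atm = refine(bank, ATMAccounts.class, null);  // method-restricted view
        atm.withdraw("acct-1", 30);
        MyAccount mine = refine(bank, MyAccount.class, "acct-1"); // key-bound view
        System.out.println("owner balance: " + mine.balance());
        System.out.println("ATM view is an Accounts? " + (atm instanceof Accounts));
    }
}
```

Because the proxy implements only the view interface, a holder of the ATM view has no `setInterest` or `deposit` method to call and cannot cast the reference back to `Accounts`.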