Bracket Capability For Distributed Systems Security

Talal A. Alsubaie Presenting “Evereds” Paper (2001) Bracket Capability for Distributed Systems Security Talal A. Alsubaie

Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie

Protection in Operating System ,[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie

Protection in Operating System ,[object Object],[object Object],Talal A. Alsubaie Object Subject Access

Protected Objects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie

Distributed System Security ,[object Object],[object Object],[object Object],Talal A. Alsubaie

Access Control ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie

Access Control Talal A. Alsubaie Request for Operation Authorize Request ,[object Object],[object Object],[object Object]

Access Control List (ACL) Talal A. Alsubaie

Access Control List (ACL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie

General Schema ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie Ahmed R Mohammed R/W Talal W Omar Deny

How does ACL Works? Talal A. Alsubaie Create Request ( r ) as Subject ( s ) ( r , s ) Object ACL If ( s appears in ACL) if( r appears in ACL[ s ] ) grant access;

Capabilities Talal A. Alsubaie

Capabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie

How does Capabilities Works? Talal A. Alsubaie ( r , o ) Object if( r appears in C ) grant access; ( C ) Create Request ( r ) for object ( o ) Pass capability ( C )

Case Study ,[object Object],Talal A. Alsubaie

Java Interface ,[object Object],[object Object],Talal A. Alsubaie interface Bicycle { void changeGear( int newValue); void speedUp( int increment); void applyBrakes( int decrement); } class MyBicycle implements Bicycle { // remainder of this class }

Banking System Talal A. Alsubaie A Bank Account object

Account Object Talal A. Alsubaie Class Accounts { void new (Key newKey, String name); void deposit (Key key, Currency amount); void withdraw (Key key, Currency amount) Currency balance (Key key); String getName (Key key); void setInterest ( Percent rate); void transfer (Key fromKey, Key toKey, Currency amount) }

Semantic Role-based Access Control ,[object Object],[object Object],Talal A. Alsubaie Teller

Semantic Role-based Access Control ,[object Object],[object Object],[object Object],Talal A. Alsubaie Bank Manager

Semantic Role-based Access Control ,[object Object],[object Object],[object Object],Talal A. Alsubaie

Extending Role-based Security ,[object Object],[object Object],Talal A. Alsubaie interface ATMAccounts { void withdraw(Key key, Currency amount) Currency balance (Key key); }

Extending Role-based Security ,[object Object],[object Object],[object Object],Talal A. Alsubaie

Extending Role-based Security ,[object Object],[object Object],Talal A. Alsubaie interface MyAccount { Currency balance (); String getName (); void transfer (Key toKey, Currency amount) }

Bracket Capabilities Talal A. Alsubaie

Bracket Capabilities ,[object Object],[object Object],[object Object],Talal A. Alsubaie Accounts acc= c.open();

Bracket Capabilities ,[object Object],[object Object],[object Object],Talal A. Alsubaie x = c.open(); Capability cref = x.refine(interface, class);

Bracket Capabilities Talal A. Alsubaie Capability C Capability Cerf Interface x = c.open(); Capability cref = x.refine(interface, class); Bracketing Object

Bracket Capabilities ,[object Object],Talal A. Alsubaie Capability C Capability Cerf Interface Bracketing Object

Bracket Capabilities Implementation Talal A. Alsubaie acc = objc.open(); Capability AtmCap = acc.refine(ATMAccounts , Account); Capability objc Capability AtmCap ATMAccount

Bracket Capabilities Implementation Talal A. Alsubaie Capability objc Capability AtmCap ATMAccount The result of a further 'refine' operation Capability cerf2 Interface2

Talal A. Alsubaie eMail : [email_address] Website : www.talals.net

Bracket Capability For Distributed Systems Security

Recommended

Recommended

More Related Content

Similar to Bracket Capability For Distributed Systems Security

Similar to Bracket Capability For Distributed Systems Security (20)

More from Talal Alsubaie

More from Talal Alsubaie (10)

Recently uploaded

Recently uploaded (20)

Bracket Capability For Distributed Systems Security