BottleCap: a Credential Manager for Capability Systems
In distributed systems, capability-based security provides substantial performance and scalability advantages over traditional user-based authentication. Unfortunately, the usual implementation of this concept in a networked context, the password capability, suffers from problems of uncontrolled rig...
Main Authors: | , |
---|---|
Format: | Conference item |
Published: |
2012
|
_version_ | 1797104321495564288 |
---|---|
author | King−Lacroix, J Martin, A |
author_facet | King−Lacroix, J Martin, A |
author_sort | King−Lacroix, J |
collection | OXFORD |
description | In distributed systems, capability-based security provides substantial performance and scalability advantages over traditional user-based authentication. Unfortunately, the usual implementation of this concept in a networked context, the password capability, suffers from problems of uncontrolled rights propagation: once a capability has been issued, its issuer no longer has any control over its delegation. Its password can be disseminated, maliciously or accidentally, in arbitrary ways. This paper introduces BottleCap, a capability container that addresses this problem. Using Trusted Computing technologies, BottleCap binds capabilities to the machine to which they are issued, holding their secrets in sealed storage. Users can still freely wield the rights represented by the capabilities they hold, but cannot discover the secrets underpinning those capabilities, preventing the delegation of the rights they represent except under the supervision of BottleCap. |
first_indexed | 2024-03-07T06:32:09Z |
format | Conference item |
id | oxford-uuid:f659c1cc-70cc-4921-a9e3-abc1008eb4e6 |
institution | University of Oxford |
last_indexed | 2024-03-07T06:32:09Z |
publishDate | 2012 |
record_format | dspace |
spelling | oxford-uuid:f659c1cc-70cc-4921-a9e3-abc1008eb4e62022-03-27T12:34:33ZBottleCap: a Credential Manager for Capability SystemsConference itemhttp://purl.org/coar/resource_type/c_5794uuid:f659c1cc-70cc-4921-a9e3-abc1008eb4e6Department of Computer Science2012King−Lacroix, JMartin, AIn distributed systems, capability-based security provides substantial performance and scalability advantages over traditional user-based authentication. Unfortunately, the usual implementation of this concept in a networked context, the password capability, suffers from problems of uncontrolled rights propagation: once a capability has been issued, its issuer no longer has any control over its delegation. Its password can be disseminated, maliciously or accidentally, in arbitrary ways. This paper introduces BottleCap, a capability container that addresses this problem. Using Trusted Computing technologies, BottleCap binds capabilities to the machine to which they are issued, holding their secrets in sealed storage. Users can still freely wield the rights represented by the capabilities they hold, but cannot discover the secrets underpinning those capabilities, preventing the delegation of the rights they represent except under the supervision of BottleCap. |
spellingShingle | King−Lacroix, J Martin, A BottleCap: a Credential Manager for Capability Systems |
title | BottleCap: a Credential Manager for Capability Systems |
title_full | BottleCap: a Credential Manager for Capability Systems |
title_fullStr | BottleCap: a Credential Manager for Capability Systems |
title_full_unstemmed | BottleCap: a Credential Manager for Capability Systems |
title_short | BottleCap: a Credential Manager for Capability Systems |
title_sort | bottlecap a credential manager for capability systems |
work_keys_str_mv | AT kinglacroixj bottlecapacredentialmanagerforcapabilitysystems AT martina bottlecapacredentialmanagerforcapabilitysystems |