Conference item
BottleCap: a Credential Manager for Capability Systems
- Abstract:
- In distributed systems, capability-based security provides substantial performance and scalability advantages over traditional user-based authentication. Unfortunately, the usual implementation of this concept in a networked context, the password capability, suffers from problems of uncontrolled rights propagation: once a capability has been issued, its issuer no longer has any control over its delegation. Its password can be disseminated, maliciously or accidentally, in arbitrary ways. This paper introduces BottleCap, a capability container that addresses this problem. Using Trusted Computing technologies, BottleCap binds capabilities to the machine to which they are issued, holding their secrets in sealed storage. Users can still freely wield the rights represented by the capabilities they hold, but cannot discover the secrets underpinning those capabilities, preventing the delegation of the rights they represent except under the supervision of BottleCap.
- Host title:
- Proceedings of The Seventh ACM Workshop on Scalable Trusted Computing
- Publication date:
- 2012-01-01
- UUID:
- uuid:f659c1cc-70cc-4921-a9e3-abc1008eb4e6
- Local pid:
- cs:6301
- Deposit date:
- 2015-03-31
- ARK identifier:
Terms of use
- Copyright date:
- 2012