Conference item

BottleCap: a Credential Manager for Capability Systems

Abstract:
In distributed systems, capability-based security provides substantial performance and scalability advantages over traditional user-based authentication. Unfortunately, the usual implementation of this concept in a networked context, the password capability, suffers from problems of uncontrolled rights propagation: once a capability has been issued, its issuer no longer has any control over its delegation. Its password can be disseminated, maliciously or accidentally, in arbitrary ways. This paper introduces BottleCap, a capability container that addresses this problem. Using Trusted Computing technologies, BottleCap binds capabilities to the machine to which they are issued, holding their secrets in sealed storage. Users can still freely wield the rights represented by the capabilities they hold, but cannot discover the secrets underpinning those capabilities, preventing the delegation of the rights they represent except under the supervision of BottleCap.

Host title:
Proceedings of The Seventh ACM Workshop on Scalable Trusted Computing
Publication date:
2012-01-01


UUID:
uuid:f659c1cc-70cc-4921-a9e3-abc1008eb4e6
Local pid:
cs:6301
Deposit date:
2015-03-31