
Access right management by extended password capabilities

  • Regular Contribution
  • International Journal of Information Security

Abstract

With reference to a classic protection system featuring active subjects that reference protected objects, we approach the problem of identifying the objects that each subject can access, and the operations that the subject can carry out on these objects. Password capabilities are a classical solution to this problem. We propose a new form of password capability, called extended password capability (or e-capability, for short). An e-capability can specify any combination of access rights. A subject that holds a given e-capability can generate new e-capabilities for reduced sets of access rights. Furthermore, a subject that created a given object is in a position to revoke the access permissions granted by every e-capability referencing this object, completely or in part. The size of an e-capability is comparable to that of a traditional password capability. The number of passwords that need to be stored in memory permanently is kept to a minimum, and is equal to a single password for each object.


Notes

  1. If a subject steals a password capability, it can take advantage of it to access the referenced object illegitimately. In fact, the validity of a password capability is independent of the subject that holds it and extends system-wide, and a copy of a password capability cannot be distinguished from the original. This is a different aspect of the segregation problem. Password capability stealing can be precluded by a separation of the address spaces enforced by the underlying operating system kernel [2]. Alternatively, we can assign a cryptographic key to each application; the password capabilities held by the subjects of a given application are encrypted by using the key of this application [16]. This mechanism prevents stealing between subjects of different applications, but cannot protect the subjects of the same application, which should therefore be considered mutually trustworthy.

  2. Suppose that subject S transfers a copy of the owner e-capability referencing object B to subject \(S'\). As a result, \(S'\) acquires full access rights for B, including the delete access right, which makes it possible to delete the object and to modify its revocation table. In fact, there is no way to distinguish the original owner e-capability from its copy. Furthermore, \(S'\) will be able to generate e-capabilities for B in different classes, as it possesses the owner password. If this is not desired, S should first transform the owner e-capability into a different class, thereby changing the password before handing over the copy.

References

  1. Anderson, M., Pose, R.D., Wallace, C.S.: A password-capability system. Comput. J. 29(1), 1–8 (1986)

  2. Castro, M.D., Pose, R.D., Kopp, C.: Password-capabilities and the Walnut kernel. Comput. J. 51(5), 595–607 (2008)

  3. Chase, J.S., Levy, H.M., Lazowska, E.D., Baker-Harvey, M.: Lightweight shared objects in a 64-bit operating system. ACM SIGPLAN Notices 27(10), 397–413 (1992)

  4. de Vivo, M., de Vivo, G.O., Gonzalez, L.: A brief essay on capabilities. ACM SIGPLAN Notices 30(7), 29–36 (1995)

  5. England, D.M.: Capability concept mechanism and structure in System 250. In: Proceedings of the International Workshop on Protection in Operating Systems, pp. 63–82. IRIA, Paris, France (1974)

  6. Gligor, V.D.: Review and revocation of access privileges distributed through capabilities. IEEE Trans. Softw. Eng. SE–5(6), 575–586 (1979)

  7. Grove, D.A., Murray, T.C., Owen, C.A., North, C.J., Jones, J.A., Beaumont, M.R., Hopkin, B.D.: An overview of the Annex system. In: Proceedings of the Twenty-Third Annual Computer Security Applications Conference, pp. 341–352. IEEE, Miami Beach, Florida, USA (2007)

  8. Heiser, G., Elphinstone, K., Vochteloo, J., Russell, S., Liedtke, J.: The Mungi single-address-space operating system. Softw. Pract. Exp. 28(9), 901–928 (1998)

  9. Houdek, M.E., Soltis, F.G., Hoffman, R.L.: IBM System/38 support for capability-based addressing. In: Proceedings of the 8th Annual Symposium on Computer Architecture, pp. 341–348. IEEE Computer Society Press, Minneapolis, Minnesota, USA (1981)

  10. King-Lacroix, J., Martin, A.: BottleCap: a credential manager for capability systems. In: Proceedings of the Seventh ACM Workshop on Scalable Trusted Computing, pp. 45–54. ACM, Raleigh, NC, USA (2012)

  11. Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., et al.: seL4: formal verification of an OS kernel. In: Proceedings of the 22nd ACM Symposium on Operating Systems Principles, pp. 207–220. ACM, Big Sky, MT, USA (2009)

  12. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

  13. Leung, A.W., Miller, E.L.: Scalable security for large, high performance storage systems. In: Proceedings of the Second ACM Workshop on Storage Security and Survivability, pp. 29–40. ACM, Alexandria, Virginia, USA (2006)

  14. Levy, H.M.: Capability-Based Computer Systems. Digital Press, Bedford, Mass, USA (1984)

  15. Lopriore, L.: Encrypted pointers in protection system design. Comput. J. 55(4), 497–507 (2012)

  16. Lopriore, L.: Password capabilities revisited. Comput. J. 58(4), 782–791 (2015)

  17. Merkle, R.C.: One way hash functions and DES. In: Proceedings of the 9th Annual International Cryptology Conference—Advances in Cryptology, pp. 428–446. Springer, Santa Barbara, California, USA (1989)

  18. Miller, M.S., Yee, K.-P., Shapiro, J.: Capability myths demolished. Technical Report, Systems Research Laboratory, Johns Hopkins University. http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf (2003)

  19. Neumann, P.G., Feiertag, R.J.: PSOS revisited. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 208–216. IEEE, Las Vegas, NV, USA (2003)

  20. Pose, R.: Password-capabilities: their evolution from the Password-Capability System into Walnut and beyond. In: Proceedings of the Sixth Australasian Computer Systems Architecture Conference, pp. 105–113. IEEE, Gold Coast, Australia (2001)

  21. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Proceedings of the 13th Annual International Cryptology Conference, pp. 368–378. Springer, Santa Barbara, California, USA (1993)

  22. Samarati, P., De Capitani Di Vimercati, S.: Access control: policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) Foundations of Security Analysis and Design, pp. 137–196. Springer, Berlin, Heidelberg (2001)

  23. Sandhu, R.S.: Cryptographic implementation of a tree hierarchy for access control. Inf. Process. Lett. 27(2), 95–98 (1988)

  24. Seitz, L., Pierson, J.-M., Brunie, L.: Key management for encrypted data storage in distributed systems. In: Proceedings of the Second IEEE International Security in Storage Workshop, pp. 20–30. IEEE, Washington, DC, USA (2003)

  25. Shapiro, J.S., Smith, J.M., Farber, D.J.: EROS: a fast capability system. ACM SIGOPS Oper. Syst. Rev. 34(2), 170–185 (2000)

  26. Trappe, W., Song, J., Poovendran, R., Liu, K.J.: Key management and distribution for secure multimedia multicast. IEEE Trans. Multimed. 5(4), 544–557 (2003)

  27. Wilkes, M.V., Needham, R.M.: The Cambridge CAP Computer and Its Operating System. North-Holland, New York (1979)

Acknowledgements

The author thanks the anonymous reviewers for their insightful comments and constructive suggestions.

This work has been partially supported by the TENACE PRIN Project (Grant No.20103P34XC_008) funded by the Italian Ministry of Education, University and Research.

Author information

Corresponding author

Correspondence to Lanfranco Lopriore.

About this article

Cite this article

Lopriore, L. Access right management by extended password capabilities. Int. J. Inf. Secur. 17, 603–612 (2018). https://doi.org/10.1007/s10207-017-0390-0
