Bracket Capabilities for Distributed Systems Security
Evered, M.
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Research systems based on capabilities provide a more secure mechanism but also fail to support more flexible security constraints such as parameter restrictions, logging and state-dependent access. They also fail to enforce a strict need-to-know view of a persistent object for each user. In this paper we present the concept of bracket capabilities as a new, simple security mechanism which fulfils these requirements. We discuss the reasons for integrating bracketing and view types at a fundamental level of the security mechanism. We demonstrate the use of the mechanism in a simple Ecommerce environment to provide secure electronic cheques and describe a prototype implementation of the mechanism in middleware for secure, distributed Java applications.
Cite as: Evered, M. (2002). Bracket Capabilities for Distributed Systems Security. In Proc. Twenty-Fifth Australasian Computer Science Conference (ACSC2002), Melbourne, Australia. CRPIT, 4. Oudshoorn, M. J., Ed. ACS. 51-58.