Piotr Kaminski - PowerPoint PPT Presentation

Title: Slide 1 Author: Piotr Kaminski Last modified by: Piotr Kaminski Created Date: 7/16/2003 10:59:52 PM Document presentation format: On-screen Show – PowerPoint PPT presentation


Transcript and Presenter's Notes

1
Capability Security
  • Piotr Kaminski
  • July 18, 2003

2
30 Minute Roadmap
  1. From traditional methods to capabilities
  2. Problems solved by capabilities
  3. Some objections addressed

3
Rotate Tradition 90°
  • Firewalls, file permissions, stack introspection, ...
  • open namespace + logic wall = a leaky sieve
  • difficult to code, performance suffers too
  • Authorization policies

[Figure: the access matrix below, read column by column (per file) as Access Control Lists and row by row (per subject) as Capabilities; entries are labelled R, W and RW]

File1 File2 File3
Alice r r
Bob r,w w
Carol r w r,w
4
Capability Discipline
  • A capability is
    • a reference to a resource,
    • combined with authority to use that resource,
    • that cannot be forged.
  • Mechanisms that don't change
    • authentication
    • information security (encryption)
    • security testing (?)
  • Advantages
    • enable principle of least authority
    • no designation without authority

5
Mmm... Tight Security
  • A secure system ensures that subjects are only
    allowed to perform authorized actions on resources

Principle Of Least Authority (POLA): Each subject
is authorized to perform all and only the actions
necessary for its work.
6
Policy in the Matrix
  • POLA depends on
    • fine resource and subject granularity
    • dynamic resource and subject creation
    • fine authority granularity
  • Not practical with ACLs
    • subjects per-user or per-role
    • authorities are often coarse
  • Trivial with capabilities
    • subjects per-object or per-process
    • authorities down to individual method level

File1 File2 File3
Alice r r
Bob r,w w
Carol r w r,w
7
Confused Deputy
  • Scenario
    • Print spooler component is given authority to
      write to a billing file, /etc/bill.
    • Print spooler accepts a file name from user to
      save status information.
    • User asks for status to be saved to /etc/bill.
    • Print spooler overwrites billing information,
      user gets free printing.
  • How to prevent this scenario using traditional
    methods?
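The scenario above as an added example in Python (not code from the presentation): a spooler written with ambient authority, which the user turns into a confused deputy simply by naming /etc/bill, beside a spooler that accepts only a file capability, so that the user can designate a status file only by handing over authority they already hold. The in-memory "file system", the status file name and the class names are constructed for illustration; Python cannot make references unforgeable, so the example models the discipline rather than enforcing it.

```python
"""Confused deputy: ambient-authority spooler beside a capability spooler.

Constructed example for the slide above; not code from the presentation.
The dictionary standing in for the file system, the status path and the
class names are assumptions made for illustration.
"""

# Constructed stand-in for the file system.
FILESYSTEM = {
    "/etc/bill": "alice: 10 pages owed\n",
    "/home/alice/status.txt": "",
}


class AmbientSpooler:
    """Traditional design: the spooler can write any path it names.

    The caller chooses the name, the spooler supplies the authority, so the
    caller's designation rides on the spooler's authority."""

    def __init__(self, fs):
        self.fs = fs

    def bill(self, user, pages):
        self.fs["/etc/bill"] = f"{user}: {pages} pages owed\n"

    def save_status(self, path, text):
        # The deputy is confused: it honours a user-chosen path with its own
        # authority and has no way to tell whose authority should apply.
        self.fs[path] = text


class FileCap:
    """Reference to one file combined with the right to use it.

    In a capability system this could only be obtained by being handed one;
    here that property is modelled, not enforced."""

    def __init__(self, fs, path):
        self._fs = fs
        self._path = path

    def write(self, text):
        self._fs[self._path] = text

    def read(self):
        return self._fs[self._path]


class CapSpooler:
    """Capability design: designation and authority arrive together."""

    def __init__(self, bill_cap):
        # The installer hands the spooler a capability to the billing file.
        # The spooler never sees a path and holds no other file authority.
        self._bill = bill_cap

    def bill(self, user, pages):
        self._bill.write(f"{user}: {pages} pages owed\n")

    def save_status(self, status_cap, text):
        # No path is accepted. The user can only pass a FileCap they hold,
        # so they cannot designate /etc/bill without authority over it.
        status_cap.write(text)


def attack_ambient(fs):
    """User names /etc/bill as the status file and gets free printing."""
    fs = dict(fs)
    spooler = AmbientSpooler(fs)
    spooler.bill("alice", 10)
    spooler.save_status("/etc/bill", "alice: 0 pages owed\n")  # user input
    return fs["/etc/bill"]


def attack_capability(fs):
    """User holds a capability only to their own status file.

    Returns the billing file and the status file after the same request."""
    fs = dict(fs)
    spooler = CapSpooler(FileCap(fs, "/etc/bill"))
    spooler.bill("alice", 10)
    alice_status = FileCap(fs, "/home/alice/status.txt")  # all Alice holds
    spooler.save_status(alice_status, "alice: 0 pages owed\n")
    return fs["/etc/bill"], fs["/home/alice/status.txt"]
```

With the ambient spooler the billing record is overwritten; with the capability spooler the same request lands in Alice's own status file and the billing record is untouched, because the only way to name a file to the spooler is to hand it a capability.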

8
Objection: Delegation
Claim: Capability systems cannot prevent subjects
from giving away their capabilities.
9
Objection: Revocation
Claim: Once granted, a capability cannot be
revoked.
Rebuttal: Revocation is achievable with a simple
design pattern.
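Revocation as an added Python example (not the presentation's code). The slide says only that a simple design pattern achieves it; the pattern shown here is the caretaker, a forwarder the grantor hands out plus a revoker the grantor keeps, which is the usual pattern in E-style systems and is my assumption of what the slide refers to. It also covers the delegation case from the previous slide: a delegated copy of the forwarder is cut off by the same revocation, since both holders share one forwarder. Printer, Forwarder, Revoker and the job strings are constructed names.

```python
"""Revocation with a forwarder plus a revoker (the caretaker pattern).

Constructed example for the slide above; not code from the presentation.
The caretaker pattern is an assumption about which 'simple design pattern'
the slide means. Resource and class names are made up for illustration.
"""


class Printer:
    """The underlying resource; a direct reference is full, irrevocable authority."""

    def __init__(self):
        self.jobs = []

    def print_job(self, text):
        self.jobs.append(text)
        return len(self.jobs)


class Revoked(Exception):
    pass


class Forwarder:
    """What the grantee receives: forwards to the target until severed."""

    def __init__(self, target):
        self._target = target

    def print_job(self, text):
        if self._target is None:
            raise Revoked("capability revoked")
        return self._target.print_job(text)


class Revoker:
    """What the grantor keeps. Severing the forwarder revokes every copy of it."""

    def __init__(self, forwarder):
        self._forwarder = forwarder

    def revoke(self):
        self._forwarder._target = None


def make_revocable(target):
    """Return (forwarder, revoker): give the forwarder away, keep the revoker."""
    fwd = Forwarder(target)
    return fwd, Revoker(fwd)


def scenario():
    """Grant, delegate, revoke; returns what each step observed."""
    printer = Printer()
    bob_cap, revoker = make_revocable(printer)

    first = bob_cap.print_job("job 1")   # Bob holds a live forwarder

    # Delegation is just passing the reference on (the previous slide's
    # objection). Carol now holds the same forwarder as Bob.
    carol_cap = bob_cap
    second = carol_cap.print_job("job 2")

    revoker.revoke()                     # grantor severs the forwarder

    outcomes = []
    for cap in (bob_cap, carol_cap):     # both the original and the delegate
        try:
            cap.print_job("job after revocation")
            outcomes.append("printed")
        except Revoked:
            outcomes.append("revoked")

    return first, second, outcomes[0], outcomes[1], len(printer.jobs)
```

Only the revoker, never the forwarder, can sever the link, so handing out the forwarder does not hand out the power to undo the revocation. In Python the attribute is merely conventionally private; in a capability language the forwarder would be the only reachable path to the printer.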
10
In the Balance
  • In Favour
    • Principle Of Least Authority upheld
    • Inseparable designation and authority
    • Resilient in the face of lazy programmers
  • Against
    • Whole-system method; hybridization weakens
      security
    • Requires design changes
    • Doesn't seem to fit static typing

11
Practice Makes Perfect
  • Past
    • KeyKOS
  • Present
    • E
    • EROS
    • Waterken
  • Paper
    • Capability Myths Demolished
  • Future: Earthweb?

12
The End
  • Thank You