A secure identity-based capability system

The author presents the design of an identity-based capability protection system called ICAP, aimed at distributed systems in a network environment. The semantics of traditional capabilities are modified to bind each capability to a subject identity. This lets the system monitor, mediate, and record capability propagation in order to enforce security policies, and it supports administrative activities such as traceability. The author develops an exception-list approach to achieve rapid revocation and the idea of capability propagation trees to achieve complete revocation. Compared with existing capability system designs, ICAP requires much less storage and offers potentially lower cost and better real-time performance. The author also proposes expanding R.Y. Kain and C.E. Landwehr's (1987) design taxonomy of capability-based systems to cover a wider range of designs.
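The following is an added illustration of the ideas the abstract describes, not code from the paper: a toy object server that binds each capability to a subject identity, mediates and records every propagation, keeps an exception list for fast revocation, and walks a propagation tree for complete revocation. The concrete construction (an HMAC over object, rights and subject under a per-object secret, and a tree keyed by (subject, object) pairs) is an assumption chosen for illustration; the paper's own one-way function and data structures are not reproduced here. The caller's identity is assumed to be authenticated by the network layer before `check` is called.

```python
"""Toy identity-based capability server (illustrative; not the paper's code).
Assumed construction: tag = HMAC(per-object secret, obj | rights | subject)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Capability:
    obj: str
    rights: frozenset
    subject: str   # identity the capability is bound to
    tag: bytes     # server-computed; useless to any other presenter


class ObjectServer:
    """Holds per-object secrets, the exception list and the propagation tree."""

    def __init__(self):
        self._secrets = {}        # obj -> random per-object secret
        self._exceptions = set()  # (subject, obj) pairs, checked first on every access
        self._children = {}       # (subject, obj) -> list of (subject, obj) it propagated to
        self.log = []             # every mediated propagation is recorded (traceability)

    def _mint(self, obj, rights, subject):
        msg = "|".join([obj, ",".join(sorted(rights)), subject]).encode()
        tag = hmac.new(self._secrets[obj], msg, hashlib.sha256).digest()
        return Capability(obj, frozenset(rights), subject, tag)

    def create_object(self, obj, owner, rights):
        self._secrets[obj] = os.urandom(32)
        self._children[(owner, obj)] = []
        return self._mint(obj, rights, owner)

    def check(self, cap, presenter, right):
        """Access check: exception list, then identity binding, then the tag."""
        if (presenter, cap.obj) in self._exceptions:
            return False
        if presenter != cap.subject or cap.obj not in self._secrets:
            return False
        expected = self._mint(cap.obj, cap.rights, presenter).tag
        if not hmac.compare_digest(expected, cap.tag):
            return False
        return right in cap.rights

    def propagate(self, cap, giver, receiver, rights):
        """Mediated propagation: the giver asks the server to issue the receiver
        a capability with a subset of the giver's rights; the edge is recorded."""
        rights = frozenset(rights)
        if not rights or not rights <= cap.rights:
            return None
        if not self.check(cap, giver, next(iter(rights))):
            return None
        new_cap = self._mint(cap.obj, rights, receiver)
        self._children.setdefault((giver, cap.obj), []).append((receiver, cap.obj))
        self._children.setdefault((receiver, cap.obj), [])
        self.log.append((giver, receiver, cap.obj, tuple(sorted(rights))))
        return new_cap

    def revoke_fast(self, subject, obj):
        """Exception-list revocation: one insert, effective on the next check."""
        self._exceptions.add((subject, obj))

    def revoke_complete(self, subject, obj):
        """Walk the propagation tree so every derived capability dies as well."""
        stack, seen, revoked = [(subject, obj)], set(), []
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            self._exceptions.add(node)
            revoked.append(node)
            stack.extend(self._children.get(node, []))
        return revoked


def demo():
    """Constructed scenario: alice owns file42, delegates read to bob, bob to carol."""
    srv = ObjectServer()
    alice = srv.create_object("file42", "alice", {"read", "write"})
    bob = srv.propagate(alice, "alice", "bob", {"read"})
    carol = srv.propagate(bob, "bob", "carol", {"read"})
    r = {}
    r["bob_reads"] = srv.check(bob, "bob", "read")
    r["bob_writes"] = srv.check(bob, "bob", "write")        # only read was delegated
    r["stolen"] = srv.check(bob, "mallory", "read")         # eavesdropped cap is bound to bob
    forged = Capability("file42", frozenset({"read"}), "mallory", bob.tag)
    r["forged"] = srv.check(forged, "mallory", "read")      # tag does not cover mallory
    srv.revoke_fast("bob", "file42")
    r["bob_after_fast"] = srv.check(bob, "bob", "read")
    r["carol_after_fast"] = srv.check(carol, "carol", "read")  # descendants untouched
    r["revoked_count"] = len(srv.revoke_complete("alice", "file42"))
    r["carol_after_complete"] = srv.check(carol, "carol", "read")
    r["log_entries"] = len(srv.log)
    return r
```

Because every propagation goes through the server, the `log` gives the trace the abstract calls traceability, and the exception list is a single set lookup on the access path, which is why it can revoke faster than invalidating or re-minting every outstanding capability. Keying the tree by (subject, object) merges a subject's multiple grants for the same object; a real design would key on capability instances.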

[1] Robbert van Renesse et al., Using Sparse Capabilities in a Distributed Operating System, 1986, ICDCS.

[2] Paul A. Karger et al., Improving security and performance for capability systems, 1988.

[3] Carl E. Landwehr et al., On Access Checking in Capability-Based Systems, 1986, IEEE Transactions on Software Engineering.

[4] Butler W. Lampson et al., A note on the confinement problem, 1973, CACM.

[5] Karen R. Sollins et al., Cascaded authentication, 1988, Proceedings of the 1988 IEEE Symposium on Security and Privacy.

[6] Paul A. Karger et al., An Augmented Capability Architecture to Support Lattice Security and Traceability of Access, 1984, 1984 IEEE Symposium on Security and Privacy.

[7] David D. Clark et al., A Comparison of Commercial and Military Computer Security Policies, 1987, 1987 IEEE Symposium on Security and Privacy.

[8] Lawrence Snyder et al., Formal Models of Capability-Based Protection Systems, 1981, IEEE Transactions on Computers.

[9] Carl E. Landwehr et al., Formal Models for Computer Security, 1981, CSUR.