Ben Laurie blathering

Preprint: Access Control

I have three currently unpublished papers that may be of interest. This one has been submitted but not yet accepted. As you can guess from the title, it’s about access control, particularly in the area of mashups, gadgets and web applications.

This is the introduction:

Access control is central to computer security. Traditionally, we wish to restrict the user to exactly what he should be able to do, no more and no less.

You might think that this only applies to legitimate users: where do attackers fit into this worldview? Of course, an attacker is a user whose access should be limited just like any other. Increasingly, of course, computers expose services that are available to anyone — in other words, anyone can be a legitimate user.

As well as users there are also programs we would like to control. For example, the program that keeps the clock correctly set on my machine should be allowed to set the clock and talk to other time-keeping programs on the Internet, and probably nothing else (perhaps it should also be allowed a little long-term storage, for example to keep its calculation of the drift of the native clock).

Increasingly we are moving towards an environment where users choose what is installed on their machines, where their trust in what is installed is highly variable (a user probably trusts their operating system more than their browser, their browser more than the pages they browse to and some pages more than others) and where “installation” of software is an increasingly fluid concept, particularly in the context of the Web, where merely viewing a page can cause code to run.

In this paper I explore an alternative to the traditional mechanisms of roles and access control lists. Although I focus on the use case of web pages, mashups and gadgets, the technology is applicable to all access control.

And the paper is here.

Regular readers will not be surprised to hear I am talking about capabilities.

1 Comment

  1. […] One of the recent posts was about a paper he wrote on capability based security systems. I knew from university that depending on how you read a matrix mapping users, resources and access rights, it would be an access control list or a capability list. Therefore it looks at first sight as if access control lists and capability lists are semantically the same. You either store the rights on the resource itself and it becomes an access control list (most common example is a filesystem). You can store all the rights associated with a particular user and it becomes a capability list. Perhaps this was a simplification done in the textbook we had but it certainly has a degree of logic to it. As Ben explains there is a subtle difference between the two concepts and although they have a lot in common, they are not entirely identical in terms of protecting access to resources. […]

    Pingback by Ben Laurie’s Capabilities « Ruminations on Enterprise Architecture — 26 May 2008 @ 16:59
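An added illustration (not code from the paper, the blog or the pingback) of the access matrix the comment describes, read by column as an access control list and by row as a capability list, together with the clock-program example from the introduction. The matrix, user and resource names are constructed; the program/token model is the standard capability idea and is only assumed here, not taken from the paper.

```python
from collections import defaultdict

# Constructed sample access matrix: user -> resource -> set of rights.
MATRIX = {
    "alice": {"clock": {"set"}, "ntp-net": {"connect"}, "documents": {"read", "write"}},
    "bob": {"documents": {"read"}},
}


def acl_view(matrix):
    """Column view: each resource lists which users hold which rights."""
    acl = defaultdict(dict)
    for user, resources in matrix.items():
        for resource, rights in resources.items():
            acl[resource][user] = set(rights)
    return dict(acl)


def capability_view(matrix):
    """Row view: each user holds a set of (resource, right) capabilities."""
    return {user: {(res, right) for res, rights in resources.items() for right in rights}
            for user, resources in matrix.items()}


class Capability:
    """Token that designates one resource and carries one right (assumed unforgeable)."""
    def __init__(self, resource, right):
        self.resource, self.right = resource, right


def allowed_by_acl(acl, user, resource, right):
    """ACL model: a program running as `user` may do anything `user` may do."""
    return right in acl.get(resource, {}).get(user, set())


def allowed_by_caps(held, resource, right):
    """Capability model: a program may do only what the tokens it was handed permit."""
    return any(c.resource == resource and c.right == right for c in held)


def clock_program_demo():
    """The clock program asks to set the clock, talk to time servers, and read documents."""
    requests = [("clock", "set"), ("ntp-net", "connect"), ("documents", "read")]
    acl = acl_view(MATRIX)
    # Run as alice under ACLs: every right alice holds is available to the program.
    acl_results = [allowed_by_acl(acl, "alice", r, right) for r, right in requests]
    # Hand the program only the two capabilities it needs.
    held = [Capability("clock", "set"), Capability("ntp-net", "connect")]
    cap_results = [allowed_by_caps(held, r, right) for r, right in requests]
    return acl_results, cap_results
```

Both views are derived from the same matrix, but the two calls in `clock_program_demo` give different answers for the document read, which is the difference the comment calls subtle.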
