具有代码功能的安全抽象

2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing Pub Date : 2012-10-19 DOI:10.1109/PDP.2013.87

R. V. Renesse, H. Johansen, Nihar Naigaonkar, D. Johansen

{"title":"具有代码功能的安全抽象","authors":"R. V. Renesse, H. Johansen, Nihar Naigaonkar, D. Johansen","doi":"10.1109/PDP.2013.87","DOIUrl":null,"url":null,"abstract":"We propose embedding executable code fragments in cryptographically protected capabilities to enable flexible discretionary access control in cloud-like computing infrastructures. We demonstrate how such a code capability mechanism can be implemented completely in user space. Using a novel combination of X.509 certificates and JavaScript code, code capabilities support restricted delegation, confinement, revocation, and rights amplification for secure abstraction.","PeriodicalId":202977,"journal":{"name":"2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing","volume":"81 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":"{\"title\":\"Secure Abstraction with Code Capabilities\",\"authors\":\"R. V. Renesse, H. Johansen, Nihar Naigaonkar, D. Johansen\",\"doi\":\"10.1109/PDP.2013.87\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose embedding executable code fragments in cryptographically protected capabilities to enable flexible discretionary access control in cloud-like computing infrastructures. We demonstrate how such a code capability mechanism can be implemented completely in user space. Using a novel combination of X.509 certificates and JavaScript code, code capabilities support restricted delegation, confinement, revocation, and rights amplification for secure abstraction.\",\"PeriodicalId\":202977,\"journal\":{\"name\":\"2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing\",\"volume\":\"81 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-10-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"17\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDP.2013.87\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDP.2013.87","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 17

摘要

我们建议在加密保护功能中嵌入可执行代码片段，以便在类似云计算的基础设施中实现灵活的自主访问控制。我们将演示如何在用户空间中完全实现这样的代码能力机制。使用X.509证书和JavaScript代码的新颖组合，代码功能支持受限制的委托、限制、撤销和权限放大，以实现安全抽象。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Secure Abstraction with Code Capabilities

We propose embedding executable code fragments in cryptographically protected capabilities to enable flexible discretionary access control in cloud-like computing infrastructures. We demonstrate how such a code capability mechanism can be implemented completely in user space. Using a novel combination of X.509 certificates and JavaScript code, code capabilities support restricted delegation, confinement, revocation, and rights amplification for secure abstraction.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing

自引率

0.00%

发文量