[cap-talk] Communicating conspirators

Karp, Alan H alan.karp at hp.com
Mon Jul 17 13:07:25 EDT 2006


MarkM wrote:
> 
> Sadly, <http://eprint.iacr.org/2005/169.pdf>
> "Enforcing Confinement in Distributed Storage and a Cryptographic
> Model for Access Control"
> by Shai Halevi, Paul A. Karger, Dalit Naor
> 
I only read far enough to see what they're doing.  It's not confinement,
but it's not unreasonable.  They are making sure that a capability is
used on the communication channel it was sent over.  That doesn't
prevent proxying, but it does have some advantages.  One is Voluntary
Oblivious Compliance.  If Bob is given a capability to Alice, Bob can
only let Carol use that capability by explicitly proxying her requests.
No harm is done should Bob inadvertently pass the Alice capability to
Carol.

A slight modification of their proposal would make it even more useful.
Let the object server on each channel keep a list of capabilities passed
on that channel.  Now, Bob can send the Alice capability to Carol, and
Carol can use it only if it has been passed to Carol on her link to
Alice.  This is an example of MarkM's Loan Officer Protocol.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
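
An added sketch of the channel check discussed in the message above, including the per-channel list it proposes; it is not code from the post or from the Halevi, Karger and Naor paper, and it stands in a plain lookup table for the paper's cryptography. The names `ObjectServer`, `pass_capability`, `pass_existing`, `invoke` and `proxy_for` are hypothetical, and the decision about who may call `pass_existing` is an assumption left to the server's owner.

```python
import secrets


class ObjectServer:
    """Toy model of 'Alice': serves one object over several named channels."""

    def __init__(self, channels):
        # Per-channel list of capabilities that were passed on that channel.
        self.passed = {name: set() for name in channels}

    def pass_capability(self, channel):
        """Mint a fresh capability and pass it on `channel`."""
        cap = secrets.token_hex(16)  # constructed, unguessable token
        self.passed[channel].add(cap)
        return cap

    def pass_existing(self, channel, cap):
        """The modification, as modelled here: record that an existing
        capability has also been passed on another channel."""
        if not any(cap in caps for caps in self.passed.values()):
            raise PermissionError("unknown capability")
        self.passed[channel].add(cap)

    def invoke(self, channel, cap, request):
        """Honour a capability only on a channel it was passed over."""
        if cap not in self.passed.get(channel, ()):
            raise PermissionError(f"capability not valid on channel {channel!r}")
        return f"alice handled {request!r} via {channel}"


def proxy_for(server, own_channel, cap):
    """Bob explicitly proxying: the request travels on Bob's own channel."""
    return lambda request: server.invoke(own_channel, cap, request)


def demo():
    alice = ObjectServer(["bob", "carol"])
    cap = alice.pass_capability("bob")
    results = {"bob": alice.invoke("bob", cap, "read")}
    try:  # Bob inadvertently handed the token to Carol; her channel rejects it.
        alice.invoke("carol", cap, "read")
        results["carol_leaked"] = "allowed"
    except PermissionError:
        results["carol_leaked"] = "denied"
    results["carol_proxied"] = proxy_for(alice, "bob", cap)("read")
    alice.pass_existing("carol", cap)  # now also passed on Carol's link
    results["carol_after_pass"] = alice.invoke("carol", cap, "read")
    return results
```
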
  
 


