[cap-talk] Implementing a crypto brand: What are the security requirements?

Tyler Close tyler.close at gmail.com
Thu Mar 22 15:16:46 CDT 2007 

I'm looking at implementing a sealer / unsealer pair for
Joe-E/ref_send using cryptography, instead of object references. The
result would be the crypto brand we've discussed in the past.

I'm currently at the requirements gathering stage of development and
have found even this step to be pretty challenging and worthy of
discussion.

I think the first step is enumeration of all the security properties
of a brand implemented using object references. This list provides the
minimum requirements for the crypto implementation. In building this
list of security properties, I am using the brand API defined at:

http://waterken.sourceforge.net/javadoc/org/ref_send/brand/package-summary.html

I've composed an initial list of security properties. I'd like us to
criticize: the completeness of the list, the terminology used in the
list and the definitions used in the list.

For a brand A, the following security properties must hold:

Separation
        - Possession of Sealer A does not yield possession of Unsealer
A, nor possession of any Box A, except as the return of a seal()
operation.
        - Possession of a Box A does not yield possession of any other
Box A, nor the Sealer A, nor the Unsealer A.
        - Possession of Unsealer A does not yield possession of Sealer
A, nor any Box A.

Protection
    The contents of a Box A are only accessible given possession of
both Box A and Unsealer A.

Confidentiality
    Without possession of Unsealer A, possession of a Box A does not
yield any information about its contents.

Spoofability
    Without possession of Unsealer A , it is not possible to determine
if a Box is an authentic Box A.

Integrity
    The content of a Box A cannot be mutated.

Authenticity
    It is only possible to produce a Box A given possession of Sealer
A. Unsealer A can determine the authenticity of a Box A and provide
access to the content of Box A.

That's all I can think of at the moment. I created separate entries
for Protection and Confidentiality because I think the crypto
implementation can provide Protection, but can only roughly
approximate Confidentiality given the content of a Box may be
arbitrarily large. I am also unsure if it is feasible to implement
Spoofability. It's not a requirement I remember reading about in
crypto books.

Tyler

-- 
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/

More information about the cap-talk mailing list