SlideShare una empresa de Scribd logo

Bracket Capability For Distributed Systems Security

Descargar como PPT, PDF
Talal Alsubaie
Talal Alsubaie

The document summarizes Talal A. Alsubaie's 2001 paper on bracket capabilities for distributed systems security. It discusses access control methods like access control lists and capabilities. It then presents a case study of an e-banking system implemented in Java that uses bracket capabilities and role-based access control to restrict access to bank account objects and views based on a user's role (e.g. teller, manager, account owner). Bracket capabilities allow refining the interface exposed to restrict a user's access to only required methods.

TecnologíaEmpresariales
1 de 33
Talal A. Alsubaie Presenting “Evereds” Paper (2001) Bracket Capability for Distributed Systems Security Talal A. Alsubaie
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Protection in Operating System ,[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Protection in Operating System ,[object Object],[object Object],Talal A. Alsubaie Object Subject Access
Protected Objects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Distributed System Security ,[object Object],[object Object],[object Object],Talal A. Alsubaie
Access Control ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Access Control Talal A. Alsubaie Request for Operation Authorize Request ,[object Object],[object Object],[object Object]
Access Control List (ACL) Talal A. Alsubaie
Access Control List (ACL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
General Schema ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie Ahmed R Mohammed R/W Talal W Omar Deny
How does ACL Works? Talal A. Alsubaie Create Request ( r ) as Subject ( s ) ( r , s ) Object ACL If ( s appears in ACL) if( r appears in ACL[ s ] ) grant access;
Capabilities Talal A. Alsubaie
Capabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
How does Capabilities Works? Talal A. Alsubaie ( r , o ) Object if( r appears in C ) grant access; ( C ) Create Request ( r ) for object ( o ) Pass capability ( C )
Case Study ,[object Object],Talal A. Alsubaie
Java Interface ,[object Object],[object Object],Talal A. Alsubaie interface Bicycle { void changeGear( int newValue); void speedUp( int increment); void applyBrakes( int decrement); } class MyBicycle implements Bicycle { // remainder of this class }
Banking System Talal A. Alsubaie A Bank Account object
Account Object Talal A. Alsubaie Class Accounts { void new (Key newKey, String name); void deposit (Key key, Currency amount); void withdraw (Key key, Currency amount) Currency balance (Key key); String getName (Key key); void setInterest ( Percent rate); void transfer (Key fromKey, Key toKey, Currency amount) }
Semantic Role-based Access Control ,[object Object],[object Object],Talal A. Alsubaie Teller
Semantic Role-based Access Control ,[object Object],[object Object],[object Object],Talal A. Alsubaie Bank Manager
Semantic Role-based Access Control ,[object Object],[object Object],[object Object],Talal A. Alsubaie
Extending Role-based Security ,[object Object],[object Object],Talal A. Alsubaie interface ATMAccounts { void withdraw(Key key, Currency amount) Currency balance (Key key); }
Extending Role-based Security ,[object Object],[object Object],[object Object],Talal A. Alsubaie
Extending Role-based Security ,[object Object],[object Object],Talal A. Alsubaie interface MyAccount { Currency balance (); String getName (); void transfer (Key toKey, Currency amount) }
Bracket Capabilities Talal A. Alsubaie
Bracket Capabilities ,[object Object],[object Object],[object Object],Talal A. Alsubaie Accounts acc= c.open();
Bracket Capabilities ,[object Object],[object Object],[object Object],Talal A. Alsubaie x = c.open(); Capability cref = x.refine(interface, class);
Bracket Capabilities Talal A. Alsubaie Capability C Capability Cerf Interface x = c.open(); Capability cref = x.refine(interface, class); Bracketing Object
Bracket Capabilities ,[object Object],Talal A. Alsubaie Capability C Capability Cerf Interface Bracketing Object
Bracket Capabilities Implementation Talal A. Alsubaie acc = objc.open(); Capability AtmCap = acc.refine(ATMAccounts , Account); Capability objc Capability AtmCap ATMAccount
Bracket Capabilities Implementation Talal A. Alsubaie Capability objc Capability AtmCap ATMAccount The result of a further 'refine' operation Capability cerf2 Interface2
Talal A. Alsubaie eMail : [email_address] Website : www.talals.net

Recomendados

Validate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiValidate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation api
Raffaele Chiocca
 
JavaEE Spring Seam
JavaEE Spring SeamJavaEE Spring Seam
JavaEE Spring Seam
Carol McDonald
 
10 Rules for Safer Code
10 Rules for Safer Code10 Rules for Safer Code
10 Rules for Safer Code
Quang Ngoc
 
Oop14
Oop14Oop14
Oop14
cnp_123balaji
 
GENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGEGENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGE
Jamil Abdullah
 
Optical Current Transformer (OCT)
Optical Current Transformer (OCT)Optical Current Transformer (OCT)
Optical Current Transformer (OCT)
Seminar Links
 
instrument transformer
instrument transformerinstrument transformer
instrument transformer
Nishant Kumar
 
Transformer construction,types and working
Transformer construction,types and workingTransformer construction,types and working
Transformer construction,types and working
maharshi dayanand university rohtak
 

Recomendados

Validate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiValidate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation api
Raffaele Chiocca
 
JavaEE Spring Seam
JavaEE Spring SeamJavaEE Spring Seam
JavaEE Spring Seam
Carol McDonald
 
10 Rules for Safer Code
10 Rules for Safer Code10 Rules for Safer Code
10 Rules for Safer Code
Quang Ngoc
 
Oop14
Oop14Oop14
Oop14
cnp_123balaji
 
GENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGEGENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGE
Jamil Abdullah
 
Optical Current Transformer (OCT)
Optical Current Transformer (OCT)Optical Current Transformer (OCT)
Optical Current Transformer (OCT)
Seminar Links
 
instrument transformer
instrument transformerinstrument transformer
instrument transformer
Nishant Kumar
 
Transformer construction,types and working
Transformer construction,types and workingTransformer construction,types and working
Transformer construction,types and working
maharshi dayanand university rohtak
 
Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9
breccan
 
Chapter23
Chapter23Chapter23
Chapter23
gourab87
 
Attribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAttribute-Based Access Control in Symfony
Attribute-Based Access Control in Symfony
Adam Elsodaney
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
Jason Chan
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
Nordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
David Brossard
 
Akka Microservices Architecture And Design
Akka Microservices Architecture And DesignAkka Microservices Architecture And Design
Akka Microservices Architecture And Design
Yaroslav Tkachenko
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
zakieh alizadeh
 
C0 review core java1
C0 review core java1C0 review core java1
C0 review core java1
tam53pm1
 
Basics of Java Script (JS)
Basics of Java Script (JS)Basics of Java Script (JS)
Basics of Java Script (JS)
Ajay Khatri
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACL
Randy Carey
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
DAKSHATAPANCHAL2
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
nexgentechnology
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
Nexgen Technology
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
nexgentechnology
 
Control cloud data access privilege and
Control cloud data access privilege andControl cloud data access privilege and
Control cloud data access privilege and
nexgentech15
 
Introduction to c_plus_plus
Introduction to c_plus_plusIntroduction to c_plus_plus
Introduction to c_plus_plus
Sayed Ahmed
 
Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)
Sayed Ahmed
 
Security & Protection
Security & ProtectionSecurity & Protection
Security & Protection
vinay arora
 
My first zf presentation part two
My first zf presentation part twoMy first zf presentation part two
My first zf presentation part two
isaaczfoster
 
Exploratory Data Analysis
Exploratory Data AnalysisExploratory Data Analysis
Exploratory Data Analysis
Talal Alsubaie
 
هل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMهل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPM
Talal Alsubaie
 

Más contenido relacionado

Similar a Bracket Capability For Distributed Systems Security

Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9
breccan
 
Attribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAttribute-Based Access Control in Symfony
Attribute-Based Access Control in Symfony
Adam Elsodaney
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
Nordic APIs
 
Akka Microservices Architecture And Design
Akka Microservices Architecture And DesignAkka Microservices Architecture And Design
Akka Microservices Architecture And Design
Yaroslav Tkachenko
 
C0 review core java1
C0 review core java1C0 review core java1
C0 review core java1
tam53pm1
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
nexgentechnology
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
Nexgen Technology
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
nexgentechnology
 
Security & Protection
Security & ProtectionSecurity & Protection
Security & Protection
vinay arora
 
My first zf presentation part two
My first zf presentation part twoMy first zf presentation part two
My first zf presentation part two
isaaczfoster
 

Similar a Bracket Capability For Distributed Systems Security (20)

Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9
 
Chapter23
Chapter23Chapter23
Chapter23
 
Attribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAttribute-Based Access Control in Symfony
Attribute-Based Access Control in Symfony
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
 
Akka Microservices Architecture And Design
Akka Microservices Architecture And DesignAkka Microservices Architecture And Design
Akka Microservices Architecture And Design
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
C0 review core java1
C0 review core java1C0 review core java1
C0 review core java1
 
Basics of Java Script (JS)
Basics of Java Script (JS)Basics of Java Script (JS)
Basics of Java Script (JS)
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACL
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
 
Control cloud data access privilege and
Control cloud data access privilege andControl cloud data access privilege and
Control cloud data access privilege and
 
Introduction to c_plus_plus
Introduction to c_plus_plusIntroduction to c_plus_plus
Introduction to c_plus_plus
 
Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)
 
Security & Protection
Security & ProtectionSecurity & Protection
Security & Protection
 
My first zf presentation part two
My first zf presentation part twoMy first zf presentation part two
My first zf presentation part two
 

Más de Talal Alsubaie

Similarity Search For Web Services
Similarity Search For Web ServicesSimilarity Search For Web Services
Similarity Search For Web Services
Talal Alsubaie
 
Selected Topics ASP.NET2
Selected Topics ASP.NET2Selected Topics ASP.NET2
Selected Topics ASP.NET2
Talal Alsubaie
 

Más de Talal Alsubaie (10)

Exploratory Data Analysis
Exploratory Data AnalysisExploratory Data Analysis
Exploratory Data Analysis
 
هل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMهل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPM
 
9 عوامل تفشل مشاريع توثيق الإجراءات
9 عوامل تفشل مشاريع توثيق الإجراءات9 عوامل تفشل مشاريع توثيق الإجراءات
9 عوامل تفشل مشاريع توثيق الإجراءات
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Similarity Search For Web Services
Similarity Search For Web ServicesSimilarity Search For Web Services
Similarity Search For Web Services
 
Pattern Recognition
Pattern RecognitionPattern Recognition
Pattern Recognition
 
Selected Topics ASP.NET2
Selected Topics ASP.NET2Selected Topics ASP.NET2
Selected Topics ASP.NET2
 
Ajax & ASP.NET 2
Ajax & ASP.NET 2Ajax & ASP.NET 2
Ajax & ASP.NET 2
 
IPv6
IPv6IPv6
IPv6
 
Emerging DB Technologies
Emerging DB TechnologiesEmerging DB Technologies
Emerging DB Technologies
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Bracket Capability For Distributed Systems Security

  • 1. Talal A. Alsubaie Presenting “Evereds” Paper (2001) Bracket Capability for Distributed Systems Security Talal A. Alsubaie
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. Access Control List (ACL) Talal A. Alsubaie
  • 10.
  • 11.
  • 12. How does ACL Works? Talal A. Alsubaie Create Request ( r ) as Subject ( s ) ( r , s ) Object ACL If ( s appears in ACL) if( r appears in ACL[ s ] ) grant access;
  • 13. Capabilities Talal A. Alsubaie
  • 14.
  • 15. How does Capabilities Works? Talal A. Alsubaie ( r , o ) Object if( r appears in C ) grant access; ( C ) Create Request ( r ) for object ( o ) Pass capability ( C )
  • 16.
  • 17.
  • 18. Banking System Talal A. Alsubaie A Bank Account object
  • 19. Account Object Talal A. Alsubaie Class Accounts { void new (Key newKey, String name); void deposit (Key key, Currency amount); void withdraw (Key key, Currency amount) Currency balance (Key key); String getName (Key key); void setInterest ( Percent rate); void transfer (Key fromKey, Key toKey, Currency amount) }
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 27.
  • 28.
  • 29. Bracket Capabilities Talal A. Alsubaie Capability C Capability Cerf Interface x = c.open(); Capability cref = x.refine(interface, class); Bracketing Object
  • 30.
  • 31. Bracket Capabilities Implementation Talal A. Alsubaie acc = objc.open(); Capability AtmCap = acc.refine(ATMAccounts , Account); Capability objc Capability AtmCap ATMAccount
  • 32. Bracket Capabilities Implementation Talal A. Alsubaie Capability objc Capability AtmCap ATMAccount The result of a further 'refine' operation Capability cerf2 Interface2
  • 33. Talal A. Alsubaie eMail : [email_address] Website : www.talals.net