JIS  Vol.3 No.2 , April 2012
Reference Encryption for Access Right Segregation and Domain Representation
Author(s) Lanfranco Lopriore*
ABSTRACT
With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solution based on protected references, each consisting of the identifier of an object and the specification of a collection of access rights for this object. The protection system associates an encryption key with each object and each domain. A protected reference for a given object is always part of a domain, and is stored in memory in the ciphertext form that results from application of a double encryption using both the object key and the domain key.

Cite this paper
L. Lopriore, "Reference Encryption for Access Right Segregation and Domain Representation," Journal of Information Security, Vol. 3 No. 2, 2012, pp. 86-90. doi: 10.4236/jis.2012.32010.
References
[1]   L. Lopriore, “Access Control Mechanisms in a Distributed, Persistent Memory System,” IEEE Transactions on Parallel and Distributed Systems, Vol. 13, No. 10, 2002, pp. 1066-1083. doi:10.1109/TPDS.2002.1041883

[2]   R. S. Sandhu and P. Samarati, “Access Control: Principle and Practice,” IEEE Communications Magazine, Vol. 32, No. 9, 1994, pp. 40-48. doi:10.1109/35.312842

[3]   H. M. Levy, “Capability-Based Computer Systems,” Butterworth-Heinemann, Oxford, 1984.

[4]   I. Kuz, G. Klein, C. Lewis and A. Walker, “CapDL: A Language for Describing Capability-Based Systems,” Proceedings of the 1st ACM Asia-Pacific Workshop on Systems, New Delhi, 30 August-3 September August 2010, pp. 31-36. doi:10.1145/1851276.1851284

[5]   M. de Vivo, G. O. de Vivo and L. Gonzalez, “A Brief Essay on Capabilities,” SIGPLAN Notices, Vol. 30, No. 7, 1995, pp. 29-36. doi:10.1145/208639.208641

[6]   G. Klein et al., “seL4: Formal Verification of an OS Kernel,” Proceedings of the 22nd ACM Symposium on Operating Systems Principles, Big Sky, 11-14 October 2009, pp. 207-220. doi:10.1145/1629575.1629596

[7]   E. I. Organick, “A Programmer’s View of the Intel 432 System,” McGraw-Hill, New York, 1983.

[8]   P. G. Neumann and R. J. Feiertag, “PSOS Revisited,” Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, 8-12 December 2003, pp. 208-216. doi:10.1109/CSAC.2003.1254326

[9]   L. Lopriore, “Capability Based Tagged Architectures,” IEEE Transactions on Computers, Vol. C-33, No. 9, 1984, pp. 786-803. doi:10.1109/TC.1984.1676495

[10]   M. D. Castro, R. D. Pose and C. Kopp, “Password-Capabilities and the Walnut Kernel,” The Computer Journal, Vol. 51, No. 5, 2008, pp. 595-607. doi:10.1093/comjnl/bxm124

[11]   G. Heiser, K. Elphinstone, J. Vochteloo, S. Russell and J. Liedtke, “The Mungi Single-Address-Space Operating System,” Software: Practice and Experience, Vol. 28, No. 9, 1998, pp. 901-928. doi:10.1002/(SICI)1097-024X(19980725)28:9<901::AID-SPE181>3.0.CO;2-7

[12]   M. Stamp, “Information Security: Principles and Practice,” 2nd Edition, Wiley, Hoboken, 2011. doi:10.1002/9781118027974

[13]   J. Burke, J. McDonald and T. Austin, “Architectural Support for Fast Symmetric-Key Cryptography,” Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, Cambridge, 12-15 November 2000, pp. 178-189. doi:10.1145/378993.379238

[14]   N. Tuck, B. Calder and G. Varghese, “Hardware and Binary Modification Support for Code Pointer Protection from Buffer Overflow,” Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, Portland, 4-8 December 2004, pp. 209-220. doi:10.1109/MICRO.2004.20

[15]   Y. Younan, F. Piessens and W. Joosen, “Protecting Global and Static Variables from Buffer Overflow Attacks,” Proceedings of the 4th International Conference on Availability, Reliability and Security, Fukuoka, 16-19 March 2009, pp. 798-803. doi:10.1109/ARES.2009.126

[16]   M. Anderson, R. D. Pose and C. S. Wallace, “A PasswordCapability System,” The Computer Journal, Vol. 29, No. 1, 1986, pp. 1-8. doi:10.1093/comjnl/29.1.1

[17]   P. Gazi and U. Maurer, “Cascade Encryption Revisited,” Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, 6-10 December 2009, pp. 37-51. doi:10.1007/978-3-642-10366-7_3

 
 
Top