ABSTRACT With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solution based on protected references, each consisting of the identifier of an object and the specification of a collection of access rights for this object. The protection system associates an encryption key with each object and each domain. A protected reference for a given object is always part of a domain, and is stored in memory in the ciphertext form that results from application of a double encryption using both the object key and the domain key.
Cite this paper
L. Lopriore, "Reference Encryption for Access Right Segregation and Domain Representation," Journal of Information Security, Vol. 3 No. 2, 2012, pp. 86-90. doi: 10.4236/jis.2012.32010.
 L. Lopriore, “Access Control Mechanisms in a Distributed, Persistent Memory System,” IEEE Transactions on Parallel and Distributed Systems, Vol. 13, No. 10, 2002, pp. 1066-1083. doi:10.1109/TPDS.2002.1041883
 R. S. Sandhu and P. Samarati, “Access Control: Principle and Practice,” IEEE Communications Magazine, Vol. 32, No. 9, 1994, pp. 40-48. doi:10.1109/35.312842
 H. M. Levy, “Capability-Based Computer Systems,” Butterworth-Heinemann, Oxford, 1984.
 I. Kuz, G. Klein, C. Lewis and A. Walker, “CapDL: A Language for Describing Capability-Based Systems,” Proceedings of the 1st ACM Asia-Pacific Workshop on Systems, New Delhi, 30 August-3 September August 2010, pp. 31-36. doi:10.1145/1851276.1851284
 M. de Vivo, G. O. de Vivo and L. Gonzalez, “A Brief Essay on Capabilities,” SIGPLAN Notices, Vol. 30, No. 7, 1995, pp. 29-36. doi:10.1145/208639.208641
 G. Klein et al., “seL4: Formal Verification of an OS Kernel,” Proceedings of the 22nd ACM Symposium on Operating Systems Principles, Big Sky, 11-14 October 2009, pp. 207-220. doi:10.1145/1629575.1629596
 E. I. Organick, “A Programmer’s View of the Intel 432 System,” McGraw-Hill, New York, 1983.
 P. G. Neumann and R. J. Feiertag, “PSOS Revisited,” Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, 8-12 December 2003, pp. 208-216. doi:10.1109/CSAC.2003.1254326
 L. Lopriore, “Capability Based Tagged Architectures,” IEEE Transactions on Computers, Vol. C-33, No. 9, 1984, pp. 786-803. doi:10.1109/TC.1984.1676495
 M. D. Castro, R. D. Pose and C. Kopp, “Password-Capabilities and the Walnut Kernel,” The Computer Journal, Vol. 51, No. 5, 2008, pp. 595-607.
 G. Heiser, K. Elphinstone, J. Vochteloo, S. Russell and J. Liedtke, “The Mungi Single-Address-Space Operating System,” Software: Practice and Experience, Vol. 28, No. 9, 1998, pp. 901-928.
 M. Stamp, “Information Security: Principles and Practice,” 2nd Edition, Wiley, Hoboken, 2011.
 J. Burke, J. McDonald and T. Austin, “Architectural Support for Fast Symmetric-Key Cryptography,” Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, Cambridge, 12-15 November 2000, pp. 178-189.
 N. Tuck, B. Calder and G. Varghese, “Hardware and Binary Modification Support for Code Pointer Protection from Buffer Overflow,” Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, Portland, 4-8 December 2004, pp. 209-220.
 Y. Younan, F. Piessens and W. Joosen, “Protecting Global and Static Variables from Buffer Overflow Attacks,” Proceedings of the 4th International Conference on Availability, Reliability and Security, Fukuoka, 16-19 March 2009, pp. 798-803. doi:10.1109/ARES.2009.126
 M. Anderson, R. D. Pose and C. S. Wallace, “A PasswordCapability System,” The Computer Journal, Vol. 29, No. 1, 1986, pp. 1-8. doi:10.1093/comjnl/29.1.1
 P. Gazi and U. Maurer, “Cascade Encryption Revisited,” Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, 6-10 December 2009, pp. 37-51.