Write a Blog >>
SPLASH 2017
Sun 22 - Fri 27 October 2017 Vancouver, Canada
Tue 24 Oct 2017 10:30 - 11:00 at Cavendish - Session 1

Diversity and complexity of cloud applications creates an inherent need for collaboration among multiple cloud players: appliance vendors, providers of third-party cloud services, consumers and providers of proprietary and regulated datasets, etc. Collaboration in a cloud, however, is hindered by the lack of access control mechanisms that can provide security in a decentralized environment and in the face of multiple mistrusting parties.

CapNet is a capability-based network architecture designed to enable least authority and secure collaboration in the cloud. At its core, CapNet is an object capability system that represents the resources of a traditional network as a graph of objects that have unforgeable pointers (or capabilities) to other objects. Capabilities in CapNet allow principals to perform operations on objects: e.g., a capability to a “flow object” allows packets to be sent along the flow, and a capability to a “node object” can control a virtual or physical device in the cloud. Principals have no authority beyond capabilities: all network operations are accessible only through capability invocations. CapNet allows fine-grained management of rights, recursive delegation, hierarchical policies, and least privilege. To enable secure collaboration, CapNet extends a classical capability model with support for decentralized authority. We implement CapNet in the substrate of a software-defined network, integrate it with the OpenStack cloud, and develop protocols enabling secure multi-party collaboration.

Tue 24 Oct

Displayed time zone: Tijuana, Baja California change

10:30 - 12:00
Session 1OCAP at Cavendish
10:30
30m
Talk
CapNet: Security and Least Authority in a Capability-Enabled Cloud
OCAP
Anton Burtsev University of California, Irvine, David Johnson University of Utah, Josh Kunz University of Utah, Eric Eide University of Utah, Jacobus Van der Merwe University of Utah
11:00
30m
Talk
Monte: A Spiritual Successor to E
OCAP
Corbin Simpson Matador Cloud LLC
11:30
30m
Talk
Using Object Capabilities and Effects to Build an Authority-Safe Module System
OCAP
Darya Melicher Carnegie Mellon University, Yangqingwei Shi Peking University, Valerie Zhao Wellesley College, Alex Potanin Victoria University of Wellington, Jonathan Aldrich Carnegie Mellon University