CapNet: Security and Least Authority in a Capability-Enabled Cloud
The diversity and complexity of cloud applications create an inherent need for collaboration among multiple cloud players: appliance vendors, providers of third-party cloud services, consumers and providers of proprietary and regulated datasets, etc. Collaboration in a cloud, however, is hindered by the lack of access control mechanisms that can provide security in a decentralized environment and in the face of multiple mistrusting parties.
CapNet is a capability-based network architecture designed to enable least authority and secure collaboration in the cloud. At its core, CapNet is an object capability system that represents the resources of a traditional network as a graph of objects that have unforgeable pointers (or capabilities) to other objects. Capabilities in CapNet allow principals to perform operations on objects: e.g., a capability to a “flow object” allows packets to be sent along the flow, and a capability to a “node object” can control a virtual or physical device in the cloud. Principals have no authority beyond capabilities: all network operations are accessible only through capability invocations. CapNet allows fine-grained management of rights, recursive delegation, hierarchical policies, and least privilege. To enable secure collaboration, CapNet extends a classical capability model with support for decentralized authority. We implement CapNet in the substrate of a software-defined network, integrate it with the OpenStack cloud, and develop protocols enabling secure multi-party collaboration.
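The object-capability model described above, as an added illustration that is not CapNet's own code or its SDN/OpenStack implementation: objects are Python instances, a capability is the only handle a principal ever holds on an object, delegation can only attenuate rights, and revoking a capability cuts off everything delegated from it. The object types (`Node`, `Flow`), the right names (`configure`, `accept`, `flow`, `send`, `delegate`) and the rule that creating a flow requires a capability to both endpoints are assumptions made for this example, not CapNet's actual interface.

```python
"""Toy object-capability model of a CapNet-style network (illustrative, not the paper's code)."""
from __future__ import annotations


class Node:
    """A virtual or physical device; 'config' and 'received' are constructed sample state."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.config: dict = {}
        self.received: list = []

    # Operations are reachable only through Capability.invoke, never directly.
    def op_configure(self, key: str, value) -> dict:
        self.config[key] = value
        return self.config

    def op_flow(self, dst_cap: "Capability") -> "Capability":
        """Create a flow from this node to dst (assumed rule: caller must hold 'accept' on dst)."""
        dst_cap._check("accept")
        flow = Flow(self, dst_cap._obj)
        # Assumed rights set on a fresh flow capability: send packets and delegate.
        return Capability(flow, {"send", "delegate"})


class Flow:
    """A unidirectional flow between two nodes."""

    def __init__(self, src: Node, dst: Node) -> None:
        self.src, self.dst = src, dst

    def op_send(self, packet) -> int:
        self.dst.received.append((self.src.name, packet))
        return len(self.dst.received)


class Capability:
    """Unforgeable pointer to an object plus a set of rights.

    Unforgeable because the holder only ever gets the Capability instance itself,
    never a way to construct one for an object it cannot already name.
    """

    def __init__(self, obj, rights, parent: "Capability | None" = None) -> None:
        self._obj = obj
        self.rights = frozenset(rights)
        self._parent = parent
        self._revoked = False

    def _check(self, right: str) -> None:
        cap = self
        while cap is not None:  # revoking any ancestor invalidates the whole chain
            if cap._revoked:
                raise PermissionError("capability revoked")
            cap = cap._parent
        if right not in self.rights:
            raise PermissionError(f"no {right!r} right")

    def delegate(self, rights) -> "Capability":
        """Hand out a child capability; rights can be attenuated but never amplified."""
        self._check("delegate")
        rights = frozenset(rights)
        if not rights <= self.rights:
            raise PermissionError("delegation cannot amplify rights")
        return Capability(self._obj, rights, parent=self)

    def revoke(self) -> None:
        self._revoked = True

    def invoke(self, op: str, *args):
        """The only entry point to network operations: check the right, then dispatch."""
        self._check(op)
        return getattr(self._obj, f"op_{op}")(*args)


def demo() -> dict:
    """Alice owns nodes A and B and lets a third party (Bob) send along A->B, then revokes."""
    full = {"configure", "accept", "flow", "delegate"}
    alice_a = Capability(Node("A"), full)
    alice_b = Capability(Node("B"), full)
    results = {}

    flow_ab = alice_a.invoke("flow", alice_b)      # needs authority over both endpoints
    bob_send = flow_ab.delegate({"send"})          # attenuated: send only, cannot re-delegate
    results["delivered"] = bob_send.invoke("send", "hello") == 1

    try:
        bob_send.delegate({"send"})
        results["bob_can_redelegate"] = True
    except PermissionError:
        results["bob_can_redelegate"] = False

    try:
        bob_send.invoke("configure", "mtu", 1500)   # no node authority via a flow capability
        results["bob_can_configure"] = True
    except PermissionError:
        results["bob_can_configure"] = False

    flow_ab.revoke()                                # Alice withdraws the flow; Bob's copy dies with it
    try:
        bob_send.invoke("send", "late")
        results["send_after_revoke"] = True
    except PermissionError:
        results["send_after_revoke"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that Bob's authority is exactly the flow capability he was handed: he cannot widen it, cannot reach the node objects behind it, and loses it the moment Alice revokes the parent, which is the least-authority property the abstract describes.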
Tue 24 Oct