SlideShare uma empresa Scribd logo

Bracket Capability For Distributed Systems Security

Transferir como PPT, PDF
Talal Alsubaie
Talal Alsubaie

The document summarizes Talal A. Alsubaie's 2001 paper on bracket capabilities for distributed systems security. It discusses access control methods like access control lists and capabilities. It then presents a case study of an e-banking system implemented in Java that uses bracket capabilities and role-based access control to restrict access to bank account objects and views based on a user's role (e.g. teller, manager, account owner). Bracket capabilities allow refining the interface exposed to restrict a user's access to only required methods.

TecnologiaNegócios
1 de 33
Talal A. Alsubaie Presenting “Evereds” Paper (2001) Bracket Capability for Distributed Systems Security Talal A. Alsubaie
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Protection in Operating System ,[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Protection in Operating System ,[object Object],[object Object],Talal A. Alsubaie Object Subject Access
Protected Objects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Distributed System Security ,[object Object],[object Object],[object Object],Talal A. Alsubaie
Access Control ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
Access Control Talal A. Alsubaie Request for Operation Authorize Request ,[object Object],[object Object],[object Object]
Access Control List (ACL) Talal A. Alsubaie
Access Control List (ACL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
General Schema ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie Ahmed R Mohammed R/W Talal W Omar Deny
How does ACL Works? Talal A. Alsubaie Create Request ( r ) as Subject ( s ) ( r , s ) Object ACL If ( s appears in ACL) if( r appears in ACL[ s ] ) grant access;
Capabilities Talal A. Alsubaie
Capabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Talal A. Alsubaie
How does Capabilities Works? Talal A. Alsubaie ( r , o ) Object if( r appears in C ) grant access; ( C ) Create Request ( r ) for object ( o ) Pass capability ( C )
Case Study ,[object Object],Talal A. Alsubaie
Java Interface ,[object Object],[object Object],Talal A. Alsubaie interface Bicycle { void changeGear( int newValue); void speedUp( int increment); void applyBrakes( int decrement); } class MyBicycle implements Bicycle { // remainder of this class }
Banking System Talal A. Alsubaie A Bank Account object
Account Object Talal A. Alsubaie Class Accounts { void new (Key newKey, String name); void deposit (Key key, Currency amount); void withdraw (Key key, Currency amount) Currency balance (Key key); String getName (Key key); void setInterest ( Percent rate); void transfer (Key fromKey, Key toKey, Currency amount) }
Semantic Role-based Access Control ,[object Object],[object Object],Talal A. Alsubaie Teller
Semantic Role-based Access Control ,[object Object],[object Object],[object Object],Talal A. Alsubaie Bank Manager
Semantic Role-based Access Control ,[object Object],[object Object],[object Object],Talal A. Alsubaie
Extending Role-based Security ,[object Object],[object Object],Talal A. Alsubaie interface ATMAccounts { void withdraw(Key key, Currency amount) Currency balance (Key key); }
Extending Role-based Security ,[object Object],[object Object],[object Object],Talal A. Alsubaie
Extending Role-based Security ,[object Object],[object Object],Talal A. Alsubaie interface MyAccount { Currency balance (); String getName (); void transfer (Key toKey, Currency amount) }
Bracket Capabilities Talal A. Alsubaie
Bracket Capabilities ,[object Object],[object Object],[object Object],Talal A. Alsubaie Accounts acc= c.open();
Bracket Capabilities ,[object Object],[object Object],[object Object],Talal A. Alsubaie x = c.open(); Capability cref = x.refine(interface, class);
Bracket Capabilities Talal A. Alsubaie Capability C Capability Cerf Interface x = c.open(); Capability cref = x.refine(interface, class); Bracketing Object
Bracket Capabilities ,[object Object],Talal A. Alsubaie Capability C Capability Cerf Interface Bracketing Object
Bracket Capabilities Implementation Talal A. Alsubaie acc = objc.open(); Capability AtmCap = acc.refine(ATMAccounts , Account); Capability objc Capability AtmCap ATMAccount
Bracket Capabilities Implementation Talal A. Alsubaie Capability objc Capability AtmCap ATMAccount The result of a further 'refine' operation Capability cerf2 Interface2
Talal A. Alsubaie eMail : [email_address] Website : www.talals.net

Recomendados

Validate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiValidate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiRaffaele Chiocca
 
JavaEE Spring Seam
JavaEE Spring SeamJavaEE Spring Seam
JavaEE Spring SeamCarol McDonald
 
10 Rules for Safer Code
10 Rules for Safer Code10 Rules for Safer Code
10 Rules for Safer CodeQuang Ngoc
 
Oop14
Oop14Oop14
Oop14cnp_123balaji
 
GENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGEGENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGEJamil Abdullah
 
Optical Current Transformer (OCT)
Optical Current Transformer (OCT)Optical Current Transformer (OCT)
Optical Current Transformer (OCT)Seminar Links
 
instrument transformer
instrument transformerinstrument transformer
instrument transformerNishant Kumar
 
Transformer construction,types and working
Transformer construction,types and workingTransformer construction,types and working
Transformer construction,types and workingmaharshi dayanand university rohtak
 

Recomendados

Validate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiValidate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiRaffaele Chiocca
 
JavaEE Spring Seam
JavaEE Spring SeamJavaEE Spring Seam
JavaEE Spring SeamCarol McDonald
 
10 Rules for Safer Code
10 Rules for Safer Code10 Rules for Safer Code
10 Rules for Safer CodeQuang Ngoc
 
Oop14
Oop14Oop14
Oop14cnp_123balaji
 
GENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGEGENERATING OF HIGH ALTERNATING VOLTAGE
GENERATING OF HIGH ALTERNATING VOLTAGEJamil Abdullah
 
Optical Current Transformer (OCT)
Optical Current Transformer (OCT)Optical Current Transformer (OCT)
Optical Current Transformer (OCT)Seminar Links
 
instrument transformer
instrument transformerinstrument transformer
instrument transformerNishant Kumar
 
Transformer construction,types and working
Transformer construction,types and workingTransformer construction,types and working
Transformer construction,types and workingmaharshi dayanand university rohtak
 
Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9breccan
 
Chapter23
Chapter23Chapter23
Chapter23gourab87
 
Attribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAttribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAdam Elsodaney
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services SecurityJason Chan
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...David Brossard
 
Akka Microservices Architecture And Design
Akka Microservices Architecture And DesignAkka Microservices Architecture And Design
Akka Microservices Architecture And DesignYaroslav Tkachenko
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorizationzakieh alizadeh
 
C0 review core java1
C0 review core java1C0 review core java1
C0 review core java1tam53pm1
 
Basics of Java Script (JS)
Basics of Java Script (JS)Basics of Java Script (JS)
Basics of Java Script (JS)Ajay Khatri
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACLRandy Carey
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.pptDAKSHATAPANCHAL2
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...nexgentechnology
 
Control cloud data access privilege and
Control cloud data access privilege andControl cloud data access privilege and
Control cloud data access privilege andnexgentech15
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...Nexgen Technology
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...nexgentechnology
 
Introduction to c_plus_plus
Introduction to c_plus_plusIntroduction to c_plus_plus
Introduction to c_plus_plusSayed Ahmed
 
Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Sayed Ahmed
 
Security & Protection
Security & ProtectionSecurity & Protection
Security & Protectionvinay arora
 
My first zf presentation part two
My first zf presentation part twoMy first zf presentation part two
My first zf presentation part twoisaaczfoster
 
Exploratory Data Analysis
Exploratory Data AnalysisExploratory Data Analysis
Exploratory Data AnalysisTalal Alsubaie
 
هل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMهل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMTalal Alsubaie
 

Mais conteúdo relacionado

Semelhante a Bracket Capability For Distributed Systems Security

Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9breccan
 
Attribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAttribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAdam Elsodaney
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services SecurityJason Chan
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...David Brossard
 
Akka Microservices Architecture And Design
Akka Microservices Architecture And DesignAkka Microservices Architecture And Design
Akka Microservices Architecture And DesignYaroslav Tkachenko
 
C0 review core java1
C0 review core java1C0 review core java1
C0 review core java1tam53pm1
 
Basics of Java Script (JS)
Basics of Java Script (JS)Basics of Java Script (JS)
Basics of Java Script (JS)Ajay Khatri
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...nexgentechnology
 
Control cloud data access privilege and
Control cloud data access privilege andControl cloud data access privilege and
Control cloud data access privilege andnexgentech15
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...Nexgen Technology
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...nexgentechnology
 
Introduction to c_plus_plus
Introduction to c_plus_plusIntroduction to c_plus_plus
Introduction to c_plus_plusSayed Ahmed
 
Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Sayed Ahmed
 
Security & Protection
Security & ProtectionSecurity & Protection
Security & Protectionvinay arora
 
My first zf presentation part two
My first zf presentation part twoMy first zf presentation part two
My first zf presentation part twoisaaczfoster
 

Semelhante a Bracket Capability For Distributed Systems Security (20)

Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9Wellrailed - Be9's Acl9
Wellrailed - Be9's Acl9
 
Chapter23
Chapter23Chapter23
Chapter23
 
Attribute-Based Access Control in Symfony
Attribute-Based Access Control in SymfonyAttribute-Based Access Control in Symfony
Attribute-Based Access Control in Symfony
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
 
Akka Microservices Architecture And Design
Akka Microservices Architecture And DesignAkka Microservices Architecture And Design
Akka Microservices Architecture And Design
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
C0 review core java1
C0 review core java1C0 review core java1
C0 review core java1
 
Basics of Java Script (JS)
Basics of Java Script (JS)Basics of Java Script (JS)
Basics of Java Script (JS)
 
Role Based ACL
Role Based ACLRole Based ACL
Role Based ACL
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
 
Control cloud data access privilege and
Control cloud data access privilege andControl cloud data access privilege and
Control cloud data access privilege and
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
 
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI... CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRI...
 
Introduction to c_plus_plus
Introduction to c_plus_plusIntroduction to c_plus_plus
Introduction to c_plus_plus
 
Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)Introduction to c_plus_plus (6)
Introduction to c_plus_plus (6)
 
Security & Protection
Security & ProtectionSecurity & Protection
Security & Protection
 
My first zf presentation part two
My first zf presentation part twoMy first zf presentation part two
My first zf presentation part two
 

Mais de Talal Alsubaie

Exploratory Data Analysis
Exploratory Data AnalysisExploratory Data Analysis
Exploratory Data AnalysisTalal Alsubaie
 
هل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMهل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMTalal Alsubaie
 
9 عوامل تفشل مشاريع توثيق الإجراءات
9 عوامل تفشل مشاريع توثيق الإجراءات9 عوامل تفشل مشاريع توثيق الإجراءات
9 عوامل تفشل مشاريع توثيق الإجراءاتTalal Alsubaie
 
Similarity Search For Web Services
Similarity Search For Web ServicesSimilarity Search For Web Services
Similarity Search For Web ServicesTalal Alsubaie
 
Selected Topics ASP.NET2
Selected Topics ASP.NET2Selected Topics ASP.NET2
Selected Topics ASP.NET2Talal Alsubaie
 
Emerging DB Technologies
Emerging DB TechnologiesEmerging DB Technologies
Emerging DB TechnologiesTalal Alsubaie
 

Mais de Talal Alsubaie (10)

Exploratory Data Analysis
Exploratory Data AnalysisExploratory Data Analysis
Exploratory Data Analysis
 
هل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPMهل نحتاج لإجراءات العمل Do we need BPM
هل نحتاج لإجراءات العمل Do we need BPM
 
9 عوامل تفشل مشاريع توثيق الإجراءات
9 عوامل تفشل مشاريع توثيق الإجراءات9 عوامل تفشل مشاريع توثيق الإجراءات
9 عوامل تفشل مشاريع توثيق الإجراءات
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Similarity Search For Web Services
Similarity Search For Web ServicesSimilarity Search For Web Services
Similarity Search For Web Services
 
Pattern Recognition
Pattern RecognitionPattern Recognition
Pattern Recognition
 
Selected Topics ASP.NET2
Selected Topics ASP.NET2Selected Topics ASP.NET2
Selected Topics ASP.NET2
 
Ajax & ASP.NET 2
Ajax & ASP.NET 2Ajax & ASP.NET 2
Ajax & ASP.NET 2
 
IPv6
IPv6IPv6
IPv6
 
Emerging DB Technologies
Emerging DB TechnologiesEmerging DB Technologies
Emerging DB Technologies
 

Último

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Bracket Capability For Distributed Systems Security

  • 1. Talal A. Alsubaie Presenting “Evereds” Paper (2001) Bracket Capability for Distributed Systems Security Talal A. Alsubaie
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. Access Control List (ACL) Talal A. Alsubaie
  • 10.
  • 11.
  • 12. How does ACL Works? Talal A. Alsubaie Create Request ( r ) as Subject ( s ) ( r , s ) Object ACL If ( s appears in ACL) if( r appears in ACL[ s ] ) grant access;
  • 13. Capabilities Talal A. Alsubaie
  • 14.
  • 15. How does Capabilities Works? Talal A. Alsubaie ( r , o ) Object if( r appears in C ) grant access; ( C ) Create Request ( r ) for object ( o ) Pass capability ( C )
  • 16.
  • 17.
  • 18. Banking System Talal A. Alsubaie A Bank Account object
  • 19. Account Object Talal A. Alsubaie Class Accounts { void new (Key newKey, String name); void deposit (Key key, Currency amount); void withdraw (Key key, Currency amount) Currency balance (Key key); String getName (Key key); void setInterest ( Percent rate); void transfer (Key fromKey, Key toKey, Currency amount) }
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 27.
  • 28.
  • 29. Bracket Capabilities Talal A. Alsubaie Capability C Capability Cerf Interface x = c.open(); Capability cref = x.refine(interface, class); Bracketing Object
  • 30.
  • 31. Bracket Capabilities Implementation Talal A. Alsubaie acc = objc.open(); Capability AtmCap = acc.refine(ATMAccounts , Account); Capability objc Capability AtmCap ATMAccount
  • 32. Bracket Capabilities Implementation Talal A. Alsubaie Capability objc Capability AtmCap ATMAccount The result of a further 'refine' operation Capability cerf2 Interface2
  • 33. Talal A. Alsubaie eMail : [email_address] Website : www.talals.net