Access Control in a World of Software Diversity

We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the programs that have executed, even those of login programs. These identities are based on a naming tree. Our access control lists are patterns that recognize principals. We show how this design supports a variety of access control scenarios.

accesscontrolwithdiversity.pdf
PDF file

In  Proceedings of the Tenth Workshop on Hot Topics in Operating Systems

Publisher  USENIX
All copyrights reserved by USENIX 2004

Details

TypeInproceedings
AddressSanta Fe, NM
> Publications > Access Control in a World of Software Diversity