
panel: Delegation and Authorization in Cloud Computing



Presentation Transcript


  1. panel: Delegation and Authorization in Cloud Computing. Robbert van Renesse, Cornell University

  2. Delegation and Authorization
     • Upon receipt of a request from some client, does a cloud service allow access?
     • Today’s solution: Access Control Lists
       • requires authenticating the user
       • makes delegation difficult
       • many potential privacy concerns
       • violates Principle of Least Privilege
         • client process gets all rights of user
       • complicates abstraction

  3. Programmer’s Toolbox: Abstraction (diagram labels: PhotoFrame.com, Amazon S3, PhotoFrame App)

  4. Abstraction with ACLs (diagram labels: PhotoFrame.com, credentials, Amazon S3, credentials, PhotoFrame App)

  5. Abstraction with ACLs (diagram labels: PhotoFrame.com, credentials, Amazon S3, credentials, PhotoFrame App; annotated: Inefficient, Insecure, Hard to Scale)

  6. Abstraction with Capabilities (diagram labels: PhotoFrame.com, capability, Amazon S3, capability, capability, PhotoFrame App)

  7. Revisit Capabilities? (LvD)
     • Authorize not based on who you are, but on what you have
     • Capabilities are unforgeable
     • Delegation is trivial

  8. Abstraction: Restricted Delegation (diagram labels: PhotoFrame.com, capability, Amazon S3, restricted capability, restricted capability, PhotoFrame App)

  9. Abstraction: Restricted Delegation (diagram labels: PhotoFrame.com, capability, Amazon S3, more restricted capability, restricted capability, more restricted capability)

  10. Restricted Capability
     • Rights is a function: Request → Boolean
       • e.g., server-side secure ECMAscript
       • Evaluated by resource (S3 in our example)
     • Examples:
       • can’t access first 16 bytes of file
       • bytes 17-32 contain a date string
       • access only between 1 and 5pm
       • access only from .edu domain

  11. Restricted Delegation: Onion-Capability
     • Attenuation
       • add a layer with an additional rights function (off-line)
     • Amplification
       • peel off a layer
       • only allowed by creator of layer

  12. Abstraction: Amplification (diagram labels: original capability, PhotoFrame.com, Amazon S3, restricted capability, PhotoFrame App)

  13. Onion-Capability, cont’d
     • Attenuation
       • add a layer with an additional rights function (off-line)
     • Amplification
       • peel off a layer
       • only allowed by creator of layer
     • captures provenance
     • simplifies revocation
     • can be implemented using certificate chains

  14. Conclusion
     • Reconsider capabilities
       • support abstraction
         • through restricted delegation and amplification
       • support privacy
       • support fine-grained access control (PoLP)
       • scale
     • Have some snags to be worked out…
       • storage, caching, revocation, object garbage collection, …

  15. Onion-Cap: Implementation (diagram labels: Pedigree: Certificate Chain; Private Key; PrivKey-PF; PrivKey-S3 held with object)
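The following is an added illustration of slides 10, 11, 13 and 15 (not code from the talk or from Cornell): an onion capability as a chain of layers, each carrying a rights function that the resource evaluates, with off-line attenuation and creator-only amplification. All keys, object names and the constrained rights vocabulary are constructed; the certificate chain is simulated with HMAC tags that the resource can recompute, standing in for public-key signatures.

```python
import hmac, hashlib, json

# Constructed keys standing in for the slide's PrivKey-S3 and PrivKey-PF (assumption:
# the resource can check every issuer's tag; a real deployment would use public-key
# signatures forming a certificate chain, simulated here with HMAC).
ISSUER_KEYS = {"s3": b"constructed-s3-key", "photoframe.com": b"constructed-pf-key",
               "photoframe-app": b"constructed-app-key"}

def _tag(key, prev_tag, rights):
    """Tag over (previous layer's tag, this layer's rights): binds the layer to the chain."""
    msg = prev_tag.encode() + json.dumps(rights, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def mint(issuer, rights):
    """Root layer: the resource owner (S3) issues the original capability."""
    return [{"issuer": issuer, "rights": rights, "tag": _tag(ISSUER_KEYS[issuer], "", rights)}]

def attenuate(cap, issuer, rights):
    """Add a layer with an additional rights function; done off-line, no server round trip."""
    tag = _tag(ISSUER_KEYS[issuer], cap[-1]["tag"], rights)
    return cap + [{"issuer": issuer, "rights": rights, "tag": tag}]

def amplify(cap, key):
    """Peel the outermost layer; only a holder of its creator's key can recompute the tag."""
    prev = cap[-2]["tag"] if len(cap) > 1 else ""
    ok = len(cap) > 1 and hmac.compare_digest(_tag(key, prev, cap[-1]["rights"]), cap[-1]["tag"])
    if not ok:
        raise PermissionError("only the creator of the outermost layer may peel it")
    return cap[:-1]

def _allows(rights, req):
    """One layer's rights function, Request -> Boolean (constraints modelled on slide 10)."""
    lo, hi = rights.get("hours", (0, 24))
    return (req["object"] == rights.get("object", req["object"])
            and req["op"] in rights.get("ops", [req["op"]])
            and req.get("offset", 0) >= rights.get("min_offset", 0)
            and lo <= req.get("hour", 0) < hi
            and req.get("client", "").endswith(rights.get("domain", "")))

def authorize(cap, req):
    """Resource side: verify the chain from the owner's root layer, then every layer must allow."""
    if not cap or cap[0]["issuer"] != "s3":
        return False
    prev = ""
    for layer in cap:
        key = ISSUER_KEYS.get(layer["issuer"])
        if key is None or not hmac.compare_digest(_tag(key, prev, layer["rights"]), layer["tag"]):
            return False
        prev = layer["tag"]
    return all(_allows(layer["rights"], req) for layer in cap)
```

Each added layer can only narrow what the chain allows (all rights functions must return true), a tampered layer fails tag verification, and peeling succeeds only with the key that created the outermost layer.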
