
Secure Network Objects

  • Chapter
Secure Internet Programming

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))


Abstract

We describe the design and implementation of secure network objects, which provide security for object-oriented network communication. The design takes advantage of objects and subtyping to present a simple but expressive programming interface for security, supporting both access control lists and capabilities. The implementation of this design fits nicely within the structure of the existing network objects system; we discuss its internal components, its performance, and its use in some applications.

Based on “Secure Network Objects” by Leendert van Doorn, Martín Abadi, Mike Burrows, and Edward Wobber, which appeared in the Proceedings of the IEEE Symposium on Security & Privacy; Oakland, California, May 1996; 211–221. ©1996 IEEE.




© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

van Doorn, L., Abadi, M., Burrows, M., Wobber, E. (1999). Secure Network Objects. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_18


  • DOI: https://doi.org/10.1007/3-540-48749-2_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive
