Abstract
Capability-based addressing is an attractive mechanism to control access to information in an object-oriented system. Several capability-based systems have been built in the past, but most of them proved to be unsatisfactory because they suffered from severe performance penalties due to a number of implementation problems. In the MONADS-PC these problems have been solved by providing dedicated architectural support for a two-level capability scheme which is used to efficiently address and protect segments in its large uniform virtual memory and to control access to the semantic operations of major objects. Although this organization has many advantages for protecting information within a MONADS PC system, it is not sufficient to cope with the security attacks outside its sphere of control, such as physically copying software from removable storage devices or intercepting insecure communication lines in a network of computers. One way to avoid such security violations is to use encryption techniques. The focus of our research is to investigate the suitability of different encryption techniques in a MONADS environment. We discuss the issues involved in using encryption in conjunction with capabilities and postulate that both methods are necessary to provide a high degree of system security.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
D.A. Abramson and J.L. Keedy. Implementing a Large Virtual Memory in a Distributed Computing System. In Proc. of the 18th Hawaii Int. Conference on System Sciences, pages 515–522, 1985.
S.G. Akl. Digital Signatures: A Tutorial Survey. IEEE Computer, 2: 15–24, 1983.
P. Brössler, F.A. Henskens, J.L. Keedy, and J. Rosenberg. Addressing Objects in a Very Large Distributed Virtual Memory. In Proc. of the IFIP Conference on Distributed Processing, pages 105–116, Amsterdam, 1987. North Holland.
M. Evered and J.L. Keedy. A Model for Protection in Persistent Object—Oriented Systems. In Proc. of the Int. Workshop on Computer Architectures to Support Security and Persistence, pages 5(1)–5(15), Bremen, West Germany, 1990.
R.S. Fabry. Capability Based Addressing. Communications of the ACM, 17 (7), 1974.
M. Groß. How to Achieve Trustworthy Basis Systems With Secure Booting. Technical Report, GMD Darmstadt, 1989.
A. Herzberg and S. Pinter. Public Protection of Software. ACM Transactions on Computer Systems, 5 (11): 371–393, 1987.
IBM. IBM System/38 Technical Developments. IBM General Systems Division, 1980.
INTEL. Introduction to the iAPX432 Architecture. INTEL Corporation, no. 17821-001 edition, 1981.
A.K. Jones. The Object Model, a Conceptual Tool for Structuring Software, volume 60 of Lecture Notes in Computer Science, pages 7–16. Springer-Verlag, 1978.
A. Kalinski, R. Rivest, and S. Sherman. Is DES a Pure Cipher, volume 218 of Lecture Notes in Computer Science, pages 212–221. Springer-Verlag, 1985.
J.L. Keedy. An Implementation of Capabilities without a Central Mapping Table. In Proc. of the 17th Hawaii Int. Conference on System Sciences, pages 180–185, 1984.
J.L. Keedy. The MONADS-PC System: A Programmer’s Overview. Technical Report 8-89, University of Bremen, 1989.
E. Kranakis. Primality and Cryptography. Teubner-Verlag, Stuttgart, 1986.
C. Meyers and S. Matyas. Cryptography. Wiley KATHamp; Sons, 1982.
R.M. Needham. The CAP Project — an Interim Evaluation. In Proc. of the ACM Symposium on Operating System Principles, pages 17–22, 1977.
H. Paetzold. Encryption Methods for Distributed Systems (in German). Master’s thesis, University of Darmstadt, Dept. of Computer Science, 1989.
R. Rivest, A. Shamir, and A. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, 21 (2): 120–126, 1978.
J. Rosenberg and D.A. Abramson. MONADS-PC: A Capability Based Workstation to Support Software Engineering. In Proc. of the 18th Hawaii Int. Conference on System Sciences, 1985.
H. Sedlack and U. Golze. A Public Key Code Cryptography Processor. Informationstechnik, 281 (3): 157–161, 1986.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1990 British Computer Society
About this paper
Cite this paper
Freisleben, B., Kammerer, P., Keedy, J.L. (1990). Capabilities and Encryption: The Ultimate Defense Against Security Attacks ?. In: Rosenberg, J., Keedy, J.L. (eds) Security and Persistence. Workshops in Computing. Springer, London. https://doi.org/10.1007/978-1-4471-3178-6_8
Download citation
DOI: https://doi.org/10.1007/978-1-4471-3178-6_8
Publisher Name: Springer, London
Print ISBN: 978-3-540-19646-4
Online ISBN: 978-1-4471-3178-6
eBook Packages: Springer Book Archive