skip to main content
10.1145/1774088.1774233acmconferencesArticle/Chapter ViewAbstractPublication PagessacConference Proceedingsconference-collections
research-article

CapaCon: access control mechanism for inter-device communications through TCP connections

Published: 22 March 2010 Publication History

Abstract

We present CapaCon, an access control mechanism for interdevice communications through TCP connections. CapaCon provides capability-based access control for a system composed of devices. Using CapaCon, an administrator does not need to set access control policies for each device and can manage these policies outside the system. A capability consists of an object device identifier and the list of permitted operations for that object device. Subject devices that maintain capabilities can access object devices corresponding with those capabilities. To protect a capability from being fabricated, CapaCon uses a digital signature. CapaCon can be used without modifying existing device programs. We analyzed the safety of capabilities in CapaCon, and measured network throughputs and processing times of CapaCon. These experimental results show the practicality of CapaCon.

References

[1]
M. Accetta, R. Baron, W. Bolosky, D. Rashid, A. Tevanian, and M. Young. Mach: A New Kernel Foundation for UNIX Development, In Proc. of USENIX Summer Conference, pp. 93--112, 1986.
[2]
O. Andreasson. Iptables Tutorial 1.2.0, 2005.
[3]
J. S. Chase, H. M. Levy, M. J. Feeley, and E. D. Lazowska. Sharing and Protection in a Single-Address-Space Operating System, ACM Trans. on Computer Systems, 12(4), 1994.
[4]
M. Crispin. Internet Message Access Protocol - Version 4rev1, RFC 3501, Mar. 2003.
[5]
DLNA (Digital Living Network Alliance). DLNA Overview and Vision Whitepaper 2007, 2007.
[6]
C. Ellison. UPnP Security Ceremonies Design Document for UPnP Device Architecture 1.0, 2003.
[7]
R. Geambasu, M. Balazinska, S. D. Gribble, and H. M. Levy. HomeViews: Peer-to-Peer Middleware for Personal Data Sharing Applications, In Proc. of the 2007 ACM SIGMOD international conference on Management of data, pp. 235--246, 2007.
[8]
M. Hirano, T. Okuda, and S. Yamaguchi. Design and Implementation of an Inter-Device Authentication Framework Guaranteeing Explicit Ownership, IPSJ Digital Courier, Vol. 4, pp. 114--127, 2008.
[9]
J. Klensin. Simple Mail Transfer Protocol, RFC 5321, Oct. 2008.
[10]
H. M. Levy. Capability-Based Computer Systems, Digital Press, 1984.
[11]
M. Mabuchi, Y. Shinjo, A. Sato, and K. Kato. An Access Control Model for Web-Services that Supports Delegation and Creation of Authority, In Proc. of Seventh International Conference on Networking, pp. 213--222, 2008.
[12]
S. J. Mullender, G. Rossum, A. S. Tenenbaum, R. van Renesse, and H. van Staveren. Amoeba: A Distributed Operating System for the 1990s, IEEE Computer, Vol. 23, pp. 44--53, 1990.
[13]
J. Myers. Simple Authentication and Security Layer (SASL), RFC 2222, Oct. 1997.
[14]
J. T. Regan, and C. D. Jensen. Capability File Names: Separating Authorization from User Management in an Internet File System, In Proc. of USENIX Security Symposium, pp. 211--233, 2001.
[15]
J. Rosenberg, H. Shulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. SIP: Session Initiation Protocol, RFC3261, Jun. 2002.
[16]
J. S. Shapiro, J. M. Smith, and D. J. Farber. EROS: a Fast Capability System, In Proc. of Symposium on Operating Systems Principles, pp. 170--185, 1999.
[17]
A. Silberschatz, P. B. Galvin, and G. Gagne. Operating System Concepts, Wiley, 2008.
[18]
J. Stichbury, and M. Jacobs. The Accredited Symbian Developer Primer, Fundamental of Symbian OS, John Wiley & Sons Inc, 2006.
[19]
Sun Microsystems Inc. System Administration Guide: Security Services, 2008.
[20]
K. Suzuki, G. Mito, H. Kawamoto, Y. Hasegawa, and Y. Sankai. Intention-Based Walking Support for Paraplegia Patients with Robot Suit HAL, Advanced Robotics, Vol. 21, No. 12, pp. 1441--1469, 2007.
[21]
S. Suzuki, Y. Shinjo, T. Hirotsu, K. Itano, and K. Kato. Capability-based egress network access control by using DNS server, Journal of Network and Computer Applications, pp. 1275--1282, 2007.
[22]
UPnP Forum. UPnP Device Architecture 1.0, 2008.
[23]
R. N. M. Watson. TrustedBSD: Adding Trusted Operating System Features to FreeBSD, In Proc. of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX'01), pp. 15--28, 2001.
[24]
C. Wright, C. Cowan, and J. Morris. Linux security modules: general security support for the linux kernel, In Proc. of USENIX Security Symposium, pp. 213--226, 2003.
[25]
W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, and F. Pollack. HYDRA: The Kernel of a Multiprocessor Operating System, Communication of the ACM, Vol. 17, No. 6, pp. 337--345, 1974.
[26]
W. Yeong, T. Howes, S. Kille. X.500 Lightweight Directory Access Protocol, RFC1487, July. 1993.

Index Terms

  1. CapaCon: access control mechanism for inter-device communications through TCP connections

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing
      March 2010
      2712 pages
      ISBN:9781605586397
      DOI:10.1145/1774088
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 22 March 2010

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. access control
      2. capabilities
      3. inter-device communications
      4. network security

      Qualifiers

      • Research-article

      Conference

      SAC'10
      Sponsor:
      SAC'10: The 2010 ACM Symposium on Applied Computing
      March 22 - 26, 2010
      Sierre, Switzerland

      Acceptance Rates

      Overall Acceptance Rate 470 of 1,986 submissions, 24%

      Upcoming Conference

      SAC '25
      The 40th ACM/SIGAPP Symposium on Applied Computing
      March 31 - April 4, 2025
      Catania , Italy

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • 0
        Total Citations
      • 128
        Total Downloads
      • Downloads (Last 12 months)0
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 16 Jan 2025

      Other Metrics

      Citations

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media