first three charts (#2 - #4) from horton presentation at usenix hotsec
TRANSCRIPT
![Page 1: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/1.jpg)
First Three Charts (#2 - #4) from Horton Presentation at Usenix
HotSec
![Page 2: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/2.jpg)
Alice
Alice
Doc Chapters:
Chapter 1…
Chapter 1…
BobAlice
Communicating Object Access with Delegation
Initial Conditions:
Alice has: 1. A capability to send to Bob and 2. A capability to a document with chapters.
![Page 3: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/3.jpg)
Doc Chapters:
Chapter 1…
BobAlice
Alice
Capability Communication of the Document Reference
Alice
here’s( )
Chapter 1…
Alice sends a message to Bob containinga reference to the document.
![Page 4: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/4.jpg)
Alice
Alice
Doc Chapters:
Chapter 1…
Chapter 1…
BobAlice
Alice-
>Bob
Alice can’t act with Bob’s responsibilityBob can’t act with Alice’s responsibility
Horton Magic: Bob Receives a Delegated Capability
![Page 5: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/5.jpg)
Remaining Charts not presented during the Horton Presentation at
Usenix HotSec (Too rough, detailed, and inappropriate)
![Page 6: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/6.jpg)
CapDoc:Communicate Capabilities with Responsibility Delegation and
control
![Page 7: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/7.jpg)
The Web: Good, Bad, and Ugly:
1. Good: Internet hypertext, wonderful!
2. Bad: Username/passwords for every site that has any sort of access control.
3. Ugly: Hard to share limited access to network objects. Hard to combine network objects with access restrictions.
![Page 8: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/8.jpg)
Sends:BobSendEveSendIvanSend
Alice’s Domain
![Page 9: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/9.jpg)
CapWikiFinances:InvestorMarket
Ali ce’s
Alice’s Domain
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Sends:BobSendEveSendIvanSend
![Page 10: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/10.jpg)
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Alice’s Domain Bob’s Domain
Ali ce’s
Receives:AliceReceive
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Sends:BobSendEveSendIvanSend
![Page 11: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/11.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther Sends:
AliceSendDaveSend
CapWikiFinances:InvestorMarket
Alice’s Domain Bob’s Domain
Ali ce’s
Receives:*AliceReceive
Sends:BobSendEveSendIvanSend
![Page 12: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/12.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Receives:AliceReceive
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Alice’s Domain Bob’s Domain
Ali ce’ s
Alice BobSends:BobSendEveSendIvanSend
![Page 13: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/13.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Receives:AliceReceive
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Alice’s Domain Bob’s Domain
Ali ce’ s
Alice Bob
Alice Bob
Sends:BobSendEveSendIvanSend
![Page 14: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/14.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Receives:AliceReceive
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Alice’s Domain Bob’s Domain
Ali ce’ s
Here are theCapWiki:FinancesDave
Receives:BobReceiveDaves’s Domain
Bo b’s
Sends:BobSendEveSendIvanSend
Alice Bob
Alice Bob
![Page 15: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/15.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Receives:AliceReceive
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Ali ce’ s
Here are theCapWiki:FinancesDave
Receives:* BobReceiveDaves’s Domain
Bo b’s
Sends:BobSendEveSendIvanSend
Alice’s Domain Bob’s Domain
Alice Bob
Alice Bob
![Page 16: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/16.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Receives:AliceReceive
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Ali ce’ s
Here are theCapWiki:FinancesDave
Receives:BobReceive
Bo b’s
Bob D
ave
Sends:BobSendEveSendIvanSend
Daves’s Domain
Alice’s Domain Bob’s Domain
Alice Bob
Alice Bob
![Page 17: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/17.jpg)
CapWiki:CapWiki Stuff:ConceptsFinancesOther
Receives:*AliceReceive
Sends:AliceSendDaveSend
CapWikiFinances:InvestorMarket
Ali ce’ s
Here are theCapWiki:FinancesDave
Receives:BobReceive
Bo b’s
Bob D
ave
Alice Bob Dave
Sends:BobSendEveSendIvanSend
Alice’s Domain Bob’s Domain
Daves’s Domain
Alice Bob
Alice Bob
![Page 18: First Three Charts (#2 - #4) from Horton Presentation at Usenix HotSec](https://reader035.vdocuments.us/reader035/viewer/2022071806/56649d0e5503460f949e4559/html5/thumbnails/18.jpg)
Better Web Access Control• No more passwords – Send a <me>Send to a
<service>Send. They know who you are, you know who they are.
• Side benefit – SPAM resistance for capability enabled messages. Don’t like a source of SPAM, cut it off to any delegation level.
• Principle Of Least Authority (POLA) sharing that can facilitate cross site services.
• One concern (David Wagner) – unfamiliar authority sharing mechanism – may result in inappropriate granting of authority.