Access Control Using Hidden Software Capabilities

D. Hagimont, L. Ismail, J. Mossière

SIRAC Project (IMAG-INRIA)

INRIA, 655 av. de l'Europe, 38330 Montbonnot Saint-Martin, France

Internet: {Daniel.Hagimont, Leila.Ismail, Jacques.Mossiere}@imag.fr

Protection is a crucial aspect of distributed computing, in particular when users co-operate using shared objects or shared programs. Recently, we proposed a new protection model based on hidden software capabilities [1].

Software capabilities are a very convenient means to protect co-operating applications, since they allow access rights to be dynamically exchanged between mutually suspicious interacting applications. However, in all the proposed approaches, capabilities are integrated at the programming language level, which requires application developers to "wire" the protection definition into the application code, to the detriment of both flexibility and reusability.

In our model, called hidden software capabilities, the protection rules are described in an Interface Definition Language which is separated from the application code. This makes it possible to specify protection for existing modules and to easily change the protection policy of an application.
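The separation described above, and the exchange of rights between mutually suspicious parties, as an added Python example that is not the authors' IDL or prototype code. The `Printer` class, the `VIEWS` table and the `Capability` wrapper are hypothetical names, and the table is an assumed stand-in for a protection description kept outside the application code.

```python
# Added illustration: Printer, VIEWS and Capability are hypothetical names.

class Printer:
    """Application code: contains no protection logic at all."""
    def __init__(self):
        self.jobs = []
    def submit(self, text):
        self.jobs.append(text)
        return len(self.jobs)
    def status(self):
        return f"{len(self.jobs)} job(s) queued"
    def purge(self):
        self.jobs.clear()

# Protection rules, kept apart from the class (assumed stand-in for an
# interface-level description): view name -> methods it permits.
VIEWS = {"Printer": {"owner": {"submit", "status", "purge"},
                     "client": {"submit", "status"},
                     "monitor": {"status"}}}

class Capability:
    """Reference to an object that exposes only the methods of one view.
    Python does not hide _target from a hostile caller; a real system needs
    language or runtime isolation to make the wrapper unbypassable."""
    __slots__ = ("_target", "_allowed")

    def __init__(self, target, view):
        self._target = target
        self._allowed = frozenset(VIEWS[type(target).__name__][view])

    def __getattr__(self, name):
        # Reached only for names that are not the two slots above.
        if name.startswith("_") or name not in self._allowed:
            raise PermissionError(f"{name!r} is not permitted by this capability")
        return getattr(self._target, name)

    def restrict(self, view):
        """Derive a capability to pass to another party; rights never grow."""
        derived = Capability(self._target, view)
        if not derived._allowed <= self._allowed:
            raise PermissionError(f"view {view!r} would amplify rights")
        return derived

if __name__ == "__main__":
    owner = Capability(Printer(), "owner")
    client = owner.restrict("client")      # handed to a suspicious peer
    print(client.submit("report.ps"), client.status())
    try:
        client.purge()
    except PermissionError as exc:
        print("denied:", exc)
```

Editing `VIEWS` changes what newly issued capabilities permit without touching `Printer`, which is the flexibility the paragraph attributes to keeping protection out of the application code.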

Our claim is that this protection model is well suited to a wide range of environments, from clusters of tightly coupled servers to large loosely coupled servers on the Internet. It is especially interesting when applications are built by assembling many existing pieces of code. We verified our claim by prototyping our model within three different environments:

The poster will present the hidden capabilities model and its implementation. A demonstration of our Java prototype will be presented.

[1] D. Hagimont, J. Mossière, X. Rousset de Pina, and F. Saunier, "Hidden Software Capabilities", Proceedings of the 16th International Conference on Distributed Computing Systems, pp. 282-289, May 1996.

[2] D. Hagimont, O. Huet, and J. Mossière, "A Protection Scheme for a CORBA Environment", Presented at the ECOOP Workshop on CORBA, June 1997.

[3] D. Hagimont and L. Ismail, "A Protection Scheme for Mobile Agents on Java", Accepted for publication at the 3rd ACM/IEEE International Conference on Mobile Computing and Networking, Budapest, September 1997.