Capability security for distributed object systems

Cryptography – Cryptanalysis

Patent

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

380 25, 395680, 395683, G06F 15163

Patent

active

058526668

ABSTRACT:
A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination. This cryptography can be performed by objects or processes using a variety of techniques, including Diffie-Helman or public/private key cryptography. The cryptography performed in the various embodiments ensures that only the intended recipient of the message can decode the object reference and that a misbehaving object cannot convince another object that it possesses a capability it does not have. Some of the disclosed embodiments provide capability security for distributed object systems wherein the objects and processes directly handle inter-object and inter-process communications and message encryption and decryption.

REFERENCES:
patent: 5414852 (1995-05-01), Kramer et al.
Marc Shapiro, et al.: Some Key Issues in the Design of Distributed Garbage Collection and References (Apr. 15, 1994)pp. 1-13.
M. Anderson, et al.: A Password-Capability System (19886) The Computer Journal, vol. 29, No. 1.
Andrew Birrell, et al.: Network Objects (SRC Research Reports #115) (Feb. 28, 1994) pp. 1-65.
Andrew Birrell, et al.: Distributed Garbage Collection for Network Objects (SRC Research Report #116) pp. 1-18.
Norm Hardy, The Confused Deputy (1985) 2 pages.
A.S. Tanenbaum, et al.: Using Sparse Capability in a Distributed Operating System (1986) Proc. Sixth Int'l Conf. On Distributed Computing Systems, IEEE, pp. 558-563.
Robert D. Sansom, et al.: Extending a Capability Based System Into a Network Environment (1986) Research sponsored by DOD, pp. 265-274.
List of Ameoba Papers, 3 pages.
Robert van Renesse, et al.: Wide-Area Communication Under Amoeba (Dec. 1986) IR-117, Vrije Universiteit, pp. 114-126.
Robert van Renesse, et al.: Connecting RPC-Based Distributed Systems Using Wide-Area Networks (1987) Proc. Seventh Int'l Conf. on Distr. Comp. Systems, IEEE, pp. 28-34.
Robert van Renesse, et al.: The Performance of the Amoeba Distributed Operating System (Mar. 1989) Software -Practice and Experience, vol. 19, pp. 223-234.
M. Frans Kaashoek, et al.: Transparent Fault-Tolerance in Parallel ORCA Programs (Mar. 1992) Symposium on Experiences with Distributed and Multiprocessor Systems III, Newport Beach, pp. 297-312.
Robert van Renesse, et al.: Voting With Ghosts (1988) Proc. Eighth Int'l. Conf. on Distr. Computer Systems, IEEE, pp. 456-461.
Henri E. Bal: A Comparative Study of Five Parallel Programming Languages (1991) EurOpen Spring 1991 Conference on Open Distributed Systems, Tromso, pp. 209-228.
Henri E. Bal: Replication Techniques for Speeding up Parallel Applications on Distributed Systems (Oct. 1989) IR-202, Vrije Universiteit, pp. 1-19.
Tanenbaum, et al.: An Introduction to Amoeba, Vrije Universiteit, pp. 2-7.
S.J. Mullender, et al.: Amoeba -A Distributed Operating System for the 1990s (May 1990) Computer, Published by IEEE Computer Society, pp. 44-53.
F. Douglis, et al.: A Comparison of Two Distributed Systems: Amoeba and Sprite (Dec. 1991) Computing Systems, vol. 4, No. 3, pp. 353-384.
Henri E. Bal et al.: Distributed Programming with Shared Data (1988) IEEE Conf. on Computer Languages, IEEE, pp. 82-91.
Henri E. Bal et al.: Orca: A Language for Distributed Programming (Dec. 1987) IR-140, Vrije Universiteit, pp. 192-199.
G. van Rossum: AIL -A Class-Oriented RPC Stub Generator for Amoeba (1989) Proc. of the Workshop on Experience with Distr. Systems, Springer Verlag, pp. 82-90.
S.J. Mullender: Distributed Operating Systems: State-of-the-Art and Future Directions (1988) Proc. of the EUTECO 88 Conf., Vienna, Austria, pp. 53-60.
R. van Renesse, et al.: The Design of a High-Performance File Server (1989) Proc. Ninth Int'l Conf. on Distr. Comp. Systems, IEEE, pp. 22-27.
E.H. Baalbergen: Design and Implementation of Parallel Make (Spring 1988) Computing Systems, vol. 1, pp. 135-158.
A.S. Tanenbaum: The Amoeba Distributed Operating System (1993) Vrije Universiteit, 12 pages.
M.F. Kaashoek, et al.: An Efficient Reliable Broadcast Protocol (Oct. 1989) Operating Systems Review, vol. 23, pp. 5-19.
M.F. Kaashoek, et al.: Efficient Reliable Group Communication for Distributed Systems (Jun. 1992) IR-295, Vrije Universiteit, Amsterdam, pp. 1-51.
Overview of Amoeba, pp. 2-13.
C.R. Landau: Security in a Secure Capability-Based System (Oct. 1989) Operating Systems Review, 3 pages.
Sun Microsystems Laboratories, Inc.; SunConnect, Inc., Agorics, Inc.: Real-Time Video Delivery with Market-Based Resource Allocation, pp. 1-25.
Agorics Technical Report ADd004.4P: Joule: Distributed Application Foundations (Nov. 1994) pp. 1-93.
Netscape Communications Corporation: SSL v3.0: N Standards Documentation (1995), pp.
B.W. Lampson: A Note on the Confinement Problem (1973) ACM, vol. 16, No. 10, 5 pages.
A.S. Tanenbaum: Distributed Operating Systems (1995) Vrije Universiteit, Amsterdam, The Netherlands, (1995) Prentice Hall.
D. Hellman: Weak Table References, five vague descriptions.
Miller, et al.: Markets and Computation: Agoric Open Systems (1988) The Ecology of Computation, pp. 1-44.
USA-Japan Computer Conference Proceedings: Table of Contents (Oct. 1978).
Strom, et al.: Optimistic Recovery: An Asynchronous Approach to Fault-Tolerance in Distributed Systems (Proc. FTCS-14, Jun. 1984) IEEE, pp. 374-379.
Kahn, et al.: Money as a Concurrent Logic Program (1988) pp. 1-23.
S.E. Abdullahi, et al.: Collection Schemes for Distributed Garbage, (Sep. 1992) Int'l. Workshop on Memory Management (IWMM) 92, Springer Verlag, pp. 43-81.
P.B. Bishop: Computers with a Large Address Space and Garbage Collection (May 1977) MIT Lab. For Computer Science (LCS) Technical Rpt. 178, MIT, Cambridge, MA.
W.D. Clinger: Foundations of Actor Semantics (May 1981) MIT, Cambridge, MA.
J.E. Donnelley: Managing Domains in a Network Operating System (1981) Proceedings of the Conference on Local Networks and Distributed Office Systems, Online, pp. 345-361.
C.N.R. Dellar: Removing Backing Store Administration from the Cap Operating System (1980) Operating Systems Review, vol. 14, No. 4, pp. 41-49.
A. Elhabash, et al.: Garbage Collection in an Object Oriented, Distributed, Persistent Environment (1990) ECOOP/OOPSLA '90 Workshop on Garbage Collection.
Hardy U.S. Patent No. 4,584,639 dated Apr. 22, 1986: Computer Security System.
P. Ferreira, et al.: Larchant: Persistence by Reachability in Distributed Shared Memory Through Garbage Collection (May 1996) 16th Intl. Confer. On Distributed Computer Systems (ICDCS) Hong Kong, pp. 1-8.
N. Hardy: KeyKOS Architecture (Sep. 1985) Operating System Review, pp. 1-23.
K. Kahn, et al.: Language Design and Open Systems, The Ecology of Computation (1981), pp. 1-25.
E. Kolodner: Atomic Incremental Garbage Collection and Recovery for Large Stable Heaps Implementing Persistent Object Bases: Principles and Practice, 4th Intl. Workshop on Persistent Object Systems, Morgan Kaugman, San Mateo, CA (1991).
H. Levy: Capability-And Object-Based System Concepts, Digital Press (1984) pp. 1-18.
M.S. Miller, et al.: Logical Secrets, Concurrent Prolog: Collected Papers, vol. 2, MIT Press (1987) pp. 140-161.
J.E.B. Moss: Garbage Collecting Persistent Object Stores, ECOOP/OOPSLA '90 Workshop on Garbage Collection (Oct. 1990) pp. 1-5.
S.J. Mullender: Accounting and Resource Control, Distributed Systems, edited by S.J. Mullender, ACM (1989) pp. 133-145.
D. Plainfosse, et al.: A

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Capability security for distributed object systems does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Capability security for distributed object systems, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Capability security for distributed object systems will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-2053992

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.