Flux Research Group / School of Computing

CapNet: Security and Least Authority in a Capability-Enabled Cloud

Anton Burtsev, David Johnson, Josh Kunz, Eric Eide, and Jacobus (Kobus) Van der Merwe

Proceedings of the 2017 ACM Symposium on Cloud Computing (SoCC) 2017.

DOI: 10.1145/3127479.3131209

Networking, Security, Cloud


We present CapNet, a capability-based network architecture designed to enable least authority and secure collaboration in the cloud. CapNet allows fine-grained management of rights, recursive delegation, hierarchical policies, and least privilege. To enable secure collaboration, CapNet extends a classical capability model with support for decentralized authority. We implement CapNet in the substrate of a software-defined network, integrate it with the OpenStack cloud, and develop protocols enabling secure multi-party collaboration.