CapNet: Security and Least Authority in a Capability-Enabled Cloud
Proceedings of the 2017 ACM Symposium on Cloud Computing (SoCC) 2017.
DOI: 10.1145/3127479.3131209
© Copyright 2017 by authors
Areas: Networking, Security, Cloud
Abstract
We present CapNet, a capability-based network architecture designed to enable least authority and secure collaboration in the cloud. CapNet allows fine-grained management of rights, recursive delegation, hierarchical policies, and least privilege. To enable secure collaboration, CapNet extends a classical capability model with support for decentralized authority. We implement CapNet in the substrate of a software-defined network, integrate it with the OpenStack cloud, and develop protocols enabling secure multi-party collaboration.