A Capability-based System to Enforce Context-aware Permission Sequence

Date
2020-01-31
Abstract
With the rise of the Internet of Things, the need for distributed authorization is growing fast. We consider a capability-based distributed authorization system in which a client obtains access tokens (capabilities) from an authorization server and obtains access by presenting them to a resource server. We propose a capability system that provides efficient and refined (conditional) access to resources. It supports “ordered permission” and “context”, and so allows a sequence of permissions to be enforced, each with its own specific context. We prove the safety property of this system for these conditions, show how it can be incorporated in the OAuth framework, and give an implementation of the system, Griffin, that uses OAuth 2.0 with proof-of-possession tokens and an attribute-based access control model.
Keywords
Security and Privacy, Distributed Authorization, Internet of Things, Access Control, Security Protocols
Citation
Li, S. (2020). A Capability-based System to Enforce Context-aware Permission Sequence (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca.