Information Leakage and Capability Forgery in a Capability-Based Operating System Kernel.

The Password-Capability System has been designed as an operating system kernel suitable for general-purpose computing in a hostile environment. It has an access control mechanism based on password-capabilities, on top of which a confinement mechanism and a type management mechanism are layered. This paper studies the security of these mechanisms. We find that the mechanisms leak information which can be utilised by an attacker. Furthermore, we find that conditions placed on the generation of password-capabilities by the mechanisms enable the attacker to forge password-capabilities more efficiently than by exhaustive search. We show that all the discovered attacks can be prevented. This paves the way for the use of the mechanisms in a highly secure third-generation of the Password-Capability System. Keywords: Password-capabilities, access control, security analysis. [ABSTRACT FROM AUTHOR]