Snowflake project (1998-2000)

This project is no longer active; this page is no longer updated.

• Summary
• People
• Funding
• Papers

Related keywords: [security]

Summary

In the Snowflake project, we tackled the problem of naming and sharing resources across administrative boundaries. We developed a theory and implementation for restricted delegation, building on the classic "speaks-for" relation that forms the foundation of many authorization logics. In Snowflake, principals can delegate authority to other principles, but in a limited way; in earlier work, it was only possible for a principal to delegate all of its authority. The work is theoretically well-founded and yet practical to implement.

This work is most completely described in Howell's dissertation [howell:thesis]; the single most central paper is [howell:end-to-end].

People

Jon Howell and David Kotz.

Funding and acknowledgements

USENIX Association.

The views and conclusions contained on this site and in its documents are those of the authors and should not be interpreted as necessarily representing the official position or policies, either expressed or implied, of the sponsor(s). Any mention of specific companies or products does not imply any endorsement by the authors or by the sponsor(s).

Papers (tagged 'snowflake')

[Also available in BibTeX]

Papers are listed in reverse-chronological order. Follow updates with RSS.

2000:

• Jon Howell and David Kotz. End-to-end authorization. Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI), pages 151–164. USENIX Association, October 2000. [Details]
• Jon Howell and David Kotz. A Formal Semantics for SPKI. Proceedings of the European Symposium on Research in Computer Security (ESORICS), volume 1895 in Lecture Notes in Computer Science, pages 140–158. Springer-Verlag, October 2000. doi:10.1007/10722599_9. [Details]
• Jonathan R. Howell. Naming and sharing resources across administrative boundaries. PhD thesis, Dartmouth College Computer Science, Hanover, NH, June 2000. Available as Dartmouth Computer Science Technical Reports TR2000-378, 379, and 380. [Details]
• Jon Howell and David Kotz. Restricted delegation: seamlessly spanning administrative boundaries. ACM Operating Systems Review, volume 34, number 2, pages 38–39. ACM, April 2000. doi:10.1145/346152.346268. [Details]
• Jon Howell and David Kotz. A Formal Semantics for SPKI. Technical Report number TR2000-363, Dartmouth Computer Science, March 2000. [Details]

1999:

• Jon Howell and David Kotz. An Access-Control Calculus for Spanning Administrative Domains. Technical Report number PCS-TR99-361, Dartmouth Computer Science, November 1999. [Details]

1998:

• Jon Howell and David Kotz. Snowflake: Spanning Administrative Domains. Technical Report number PCS-TR98-343, Dartmouth Computer Science, December 1998. [Details]

[Kotz research]