WAVE: A Decentralized Authorization Framework with Transitive Delegation
Michael P Andersen, Sam Kumar, Moustafa AbdelBaky, Gabe Fierro, John Kolb, Hyung-Sin Kim, David E. Culler, and Raluca Ada Popa,University of California, Berkeley
Most deployed authorization systems rely on a central trusted service whose compromise can lead to the breach of millions of user accounts and permissions.We present WAVE, an authorization framework offeringdecentralized trust: no central services can modify or see permissions and any participant can delegate a portion of their permissions autonomously. To achieve this goal, WAVE adopts an expressive authorization model, enforces it cryptographically, protects permissions via a novel encryption protocol while enabling discovery of permissions, and stores them in an untrusted scalable storage solution. WAVE provides competitive performance to traditional authorization systems relying on central trust. It is an open-source artifact and has been used for two years for controlling 800 IoT devices.
USENIX Security '19 Open Access Videos Sponsored by
King Abdullah University of Science and Technology (KAUST)
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone.Support USENIX and our commitment to Open Access.
author = {Michael P Andersen and Sam Kumar and Moustafa AbdelBaky and Gabe Fierro and John Kolb and Hyung-Sin Kim and David E. Culler and Raluca Ada Popa},
title = {{WAVE}: A Decentralized Authorization Framework with Transitive Delegation},
booktitle = {28th USENIX Security Symposium (USENIX Security 19)},
year = {2019},
isbn = {978-1-939133-06-9},
address = {Santa Clara, CA},
pages = {1375--1392},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/andersen},
publisher = {USENIX Association},
month = aug
}
