WAVE: A Decentralized Authorization Framework with Transitive Delegation

Authors: 

Michael P Andersen, Sam Kumar, Moustafa AbdelBaky, Gabe Fierro, John Kolb, Hyung-Sin Kim, David E. Culler, and Raluca Ada Popa, University of California, Berkeley

Abstract: 

Most deployed authorization systems rely on a central trusted service whose compromise can lead to the breach of millions of user accounts and permissions. We present WAVE, an authorization framework offering decentralized trust: no central service can modify or see permissions, and any participant can delegate a portion of their permissions autonomously. To achieve this goal, WAVE adopts an expressive authorization model, enforces it cryptographically, protects permissions via a novel encryption protocol while still enabling discovery of permissions, and stores them in an untrusted, scalable storage solution. WAVE offers performance competitive with traditional authorization systems that rely on central trust. It is an open-source artifact and has been used for two years to control 800 IoT devices.
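To make the transitive-delegation idea in the abstract concrete, here is an added sketch (written for this page, not code from the WAVE project, and not WAVE's attestation format, encryption or storage design) of a chain of signed delegation records verified without any central authority. Each link is an Ed25519-signed attestation from an issuer to a subject; a verifier walks the chain from a trusted root, checking that every link is signed by its issuer, that the issuer is the previous link's subject, and that each hop only narrows the resource prefix and permission set. The struct, field names, resource strings and the three-hop scenario are assumptions chosen for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Attestation is a hypothetical delegation record (not WAVE's wire format):
// Issuer grants Subject the listed permissions on a resource prefix and signs
// the canonical encoding, so an untrusted store cannot alter it undetected.
type Attestation struct {
	Issuer, Subject ed25519.PublicKey
	Resource        string   // resource prefix, e.g. "building/floor2/"
	Perms           []string // e.g. "read", "write"
	Sig             []byte
}

// canonical returns the deterministic bytes covered by the signature.
func (a Attestation) canonical() []byte {
	perms := append([]string(nil), a.Perms...)
	sort.Strings(perms)
	var b bytes.Buffer
	b.Write(a.Issuer)  // fixed 32 bytes
	b.Write(a.Subject) // fixed 32 bytes
	b.WriteString(a.Resource)
	b.WriteByte(0) // separator; resources must not contain NUL
	b.WriteString(strings.Join(perms, ","))
	return b.Bytes()
}

// Delegate lets any key holder hand out a portion of what it holds; no
// central service participates in creating the record.
func Delegate(issuer ed25519.PrivateKey, subject ed25519.PublicKey, resource string, perms []string) Attestation {
	a := Attestation{Issuer: issuer.Public().(ed25519.PublicKey), Subject: subject, Resource: resource, Perms: perms}
	a.Sig = ed25519.Sign(issuer, a.canonical())
	return a
}

// VerifyChain checks a delegation path from root to the final subject. Each
// link must be signed by its issuer, issued by the previous link's subject,
// and narrow (or keep) both the resource prefix and the permission set.
// It returns the resource prefix and permissions the final subject holds.
func VerifyChain(root ed25519.PublicKey, chain []Attestation) (string, []string, error) {
	if len(chain) == 0 {
		return "", nil, errors.New("empty chain")
	}
	expectIssuer, resource := root, "" // root is unconstrained
	var allowed map[string]bool        // nil = unconstrained (root)
	for i, a := range chain {
		if !bytes.Equal(a.Issuer, expectIssuer) {
			return "", nil, fmt.Errorf("link %d: issuer is not the previous subject", i)
		}
		if !ed25519.Verify(a.Issuer, a.canonical(), a.Sig) {
			return "", nil, fmt.Errorf("link %d: invalid signature", i)
		}
		if !strings.HasPrefix(a.Resource, resource) {
			return "", nil, fmt.Errorf("link %d: resource %q outside %q", i, a.Resource, resource)
		}
		next := map[string]bool{}
		for _, p := range a.Perms {
			if allowed != nil && !allowed[p] {
				return "", nil, fmt.Errorf("link %d: %q exceeds delegator's permissions", i, p)
			}
			next[p] = true
		}
		resource, allowed, expectIssuer = a.Resource, next, a.Subject
	}
	perms := make([]string, 0, len(allowed))
	for p := range allowed {
		perms = append(perms, p)
	}
	sort.Strings(perms)
	return resource, perms, nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario builds a constructed chain root -> floor manager -> tenant -> app and
// reports whether the valid chain verifies, a widened chain is rejected, and a
// link naming the manager as issuer but signed by the app's key is rejected.
func Scenario() (validOK, escalationRejected, forgeryRejected bool) {
	rootPub, rootPriv := mustKey()
	mgrPub, mgrPriv := mustKey()
	tenantPub, tenantPriv := mustKey()
	appPub, appPriv := mustKey()

	l1 := Delegate(rootPriv, mgrPub, "building/", []string{"read", "write"})
	l2 := Delegate(mgrPriv, tenantPub, "building/floor2/", []string{"read", "write"})
	l3 := Delegate(tenantPriv, appPub, "building/floor2/room5/", []string{"read"})
	res, perms, err := VerifyChain(rootPub, []Attestation{l1, l2, l3})
	validOK = err == nil && res == "building/floor2/room5/" && strings.Join(perms, ",") == "read"

	// The tenant tries to grant "admin", which it never received.
	bad := Delegate(tenantPriv, appPub, "building/floor2/room5/", []string{"read", "admin"})
	_, _, err = VerifyChain(rootPub, []Attestation{l1, l2, bad})
	escalationRejected = err != nil && strings.Contains(err.Error(), "exceeds")

	// The app forges a link claiming the manager as issuer but signs with its own key.
	forged := Delegate(appPriv, appPub, "building/floor2/", []string{"read", "write"})
	forged.Issuer = mgrPub
	_, _, err = VerifyChain(rootPub, []Attestation{l1, forged})
	forgeryRejected = err != nil && strings.Contains(err.Error(), "signature")
	return
}

func main() {
	ok, esc, forge := Scenario()
	fmt.Println("valid chain:", ok, "escalation rejected:", esc, "forgery rejected:", forge)
}
```

The point the sketch makes is that trust lives in the keys and signatures, not in whoever stores the records: a storage provider can withhold an attestation but cannot fabricate or widen one, and a participant can only re-delegate a subset of what it was itself granted. WAVE's actual design additionally encrypts attestations so the store cannot read them, which this sketch does not attempt.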

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {236196,
author = {Michael P Andersen and Sam Kumar and Moustafa AbdelBaky and Gabe Fierro and John Kolb and Hyung-Sin Kim and David E. Culler and Raluca Ada Popa},
title = {{WAVE}: A Decentralized Authorization Framework with Transitive Delegation},
booktitle = {28th {USENIX} Security Symposium ({USENIX} Security 19)},
year = {2019},
isbn = {978-1-939133-06-9},
address = {Santa Clara, CA},
pages = {1375--1392},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/andersen},
publisher = {{USENIX} Association},
month = aug,
}