Distributed Privilege Enforcement in PACS
نویسندگان
چکیده
We present a new access control mechanism for P2P networks with distributed enforcement, called P2P Access Control System (PACS). PACS enforces powerful access control models like RBAC with administrative delegation inside a P2P network in a pure P2P manner, which is not possible in any of the currently used P2P access control mechanisms. PACS uses client-side enforcement to support the replication of confidential data. To avoid a single point of failure at the time of privilege enforcement, we use threshold cryptography to distribute the enforcement among the participants. Our analysis of the expected number of messages and the computational effort needed in PACS shows that its increased flexibility comes with an acceptable additional overhead.
منابع مشابه
Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications
Large scale distributed applications combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force conventional mechanisms such as firewalls and compartmented file storage into roles wher...
متن کاملPRIMA - Privilege Management and Authorization in Grid Computing Environments
Computational grids and other heterogeneous, large-scale distributed systems require more powerful and more flexible authorization mechanisms to realize fine-grained access-control of resources. Computational grids are increasingly used for collaborative problem-solving and advanced science and engineering applications. Usage scenarios for advanced grids require support for small, dynamic worki...
متن کاملSpecifying and enforcing the principle of least privilege in role-based access control
The principle of least privilege in role-based access control (RBAC) is an important area of research. There are two crucial issues related to it: the specification and the enforcement. We believe that existing least privilege specification schemes are not comprehensive enough and few of the enforcement methods are likely to scale well. In this paper, we formally define the basic principle of l...
متن کاملThe PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments
Many grid usage scenarios depend on small, dynamic working groups for which the ability to establish transient collaboration with little or no intervention from resource administrators is a key requirement. The system developed, PRIMA, focuses on the issues of management and enforcement of fine-grained privileges. Dynamic account creation and leasing as well as expressive enforcement mechanisms...
متن کاملActive privilege management for distributed access control systems
The last decade has seen the explosive uptake of technologies to support true Internet-scale distributed systems, many of which will require security. The policy dictating authorisation and privilege restriction should be decoupled from the services being protected: (1) policy can be given its own independent language syntax and semantics, hopefully in an application independent way; (2) policy...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009