An Optimistic Mandatory Access Control Model for Distributed Collaborative Editors
نویسندگان
چکیده
Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a Mandatory Access Control (MAC) based on replicating the shared document and its authorization policy at the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique where enforcement of authorizations is retroactive. We show that naive coordination between updates of both copies can create security hole on the shared document by permitting illegal modification, or rejecting legal modification. Finally, we present a novel framework for managing authorizations in collaborative editing work which may be deployed easily on P2P networks. Key-words: Access Control, Optimistic Replication, Distributed Collaborative Editors. ∗ INRIA Nancy Grand Est & Univ. Nancy 2, UMR 7503 ([email protected]). † INRIA Nancy Grand Est & Univ. Nancy 2, UMR 7503 ([email protected]). ‡ INRIA Nancy Grand Est, UMR 7503 ([email protected]). in ria -0 03 81 94 1, v er si on 1 6 M ay 2 00 9 Modèle Optimiste de Contrôle d’Accès Obligatoire pour les Editeurs Collaboratifs Résumé : Les éditeurs collaboratifs fournissent un support logiciel pour la modification simultanée des documents partagés, comme des articles, des pages wiki et du code source des programmes, par des utilisateurs dispersés géographiquement. Le contrôle d’accès dans de tels systèmes demeure toujours un challenge difficile, car ils nécessitent des accès dynamiques ainsi qu’une faible latence pour accéder aux documents partagés. Dans ce rapport, nous proposons un contrôle d’accès obligatoire qui se base sur la réplication du document partagé ainsi que sa politique d’accès. Pour traiter des problèmes de la latence et les accès dynamiques, nous utilisons une technique de contrôle d’accès optimiste où l’exécution des autorisations est rétroactive. Nous montrons qu’une coordination naı̈ve entre les mises à jour des deux copies peut causer des failles de sécurité en permettant des modifications illégales ou en rejetant des modifications légales. Enfin, nous présentons un nouvel environnement pour la gestion des autorisations dans des éditeurs collaboratifs qui peut être facilement déployé sur des réseaux P2P. Mots-clés : Contrôle d’accès, Réplication Optimiste, Editeurs Collaboratifs. in ria -0 03 81 94 1, v er si on 1 6 M ay 2 00 9 An Optimistic Mandatory Access Control Model for Distributed Collaborative Editors 3
منابع مشابه
A Flexible Access Control Model for Distributed Collaborative Editors
Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a flexible access control model wh...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کاملA Model for Collaborative Services in Distributed Learning Environments1
Synchronous collaborative work environments, which are mainly based on video-conferencing systems, suffer a lack of human communication channels and social awareness because mostly only audio, video, and joint editing of documents are supported. Collaborative services such as floor control, session control, and telepointers provide additional communication mechanisms to support persons co-worki...
متن کاملA Model for Collaborative Services in Distributed Learning Environments
Synchronous collaborative work environments, which are mainly based on video-conferencing systems, suffer a lack of human communication channels and social awareness because mostly only audio, video, and joint editing of documents are supported. Collaborative services such as floor control, session control, and telepointers provide additional communication mechanisms to support persons co-worki...
متن کاملA Secure Real-Time Concurrency Control Protocol for Mobile Distributed Real-Time Databases
A class of security-critical applications with the requirements of timing constraints, such as wireless stock trading, power network scheduling, real-time traffic information management, etc., demand the support of mobile distributed real-time database systems. For the class of applications, mobile distributed realtime database systems must simultaneously satisfy two requirements in guaranteein...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009