Efficient proving for distributed access-control systems
نویسندگان
چکیده
We present a new algorithm for generating a formal proof that an access request satisfies access-control policy, for use in logic-based access-control frameworks. Our algorithm is tailored to settingswhere credentials needed to complete a proof might need to be obtained from, or reactively createdby, distant components in a distributed system. In such contexts, our algorithm substantially improvesupon previous proposals in both computation and communication costs, and better guides users to createthe most appropriate credentials in those cases where needed credentials do not yet exist. At the sametime, our algorithm offers strictly superior proving ability, in the sense that it finds a proof in everycase that previous approaches would (and more). We detail our algorithm and empirically evaluate animplementation of it using policies in active use in a testbed at our institution for experimenting withaccess-control technologies.
منابع مشابه
Efficient Proving for Practical Distributed Access-Control Systems
We present a new technique for generating a formal proof that an access request satisfies access-control policy, for use in logic-based access-control frameworks. Our approach is tailored to settings where credentials needed to complete a proof might need to be obtained from, or reactively created by, distant components in a distributed system. In such contexts, our approach substantially impro...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملApplying the Composition Principle to Verify a Hierarchy of Security Servers
This paper describes how the composition principle of Abadi and Lamport can be applied to specify and compose systems where access control policies are distributed among a hierarchy of agents. Examples of such systems are layered secure operating systems, where the mandatory access control policy is enforced by the lowest system layer and discretionary and application-speciic policies are imple...
متن کاملE2DR: Energy Efficient Data Replication in Data Grid
Abstract— Data grids are an important branch of gird computing which provide mechanisms for the management of large volumes of distributed data. Energy efficiency has recently emerged as a hot topic in large distributed systems. The development of computing systems is traditionally focused on performance improvements driven by the demand of client's applications in scientific and business domai...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کامل