A Decentralized Access Control Model for Dynamic Collaboration of Autonomous Peers
Abstract
Distributed applications are often composed of autonomous components that are controlled by different stakeholders. Authorization in such a scenario has to be enforced in a decentralized way so that administrators retain control over their respective resources. In this paper, we define a flexible access control model for a data-driven coordination middleware that abstracts the collaboration of autonomous peers. It supports the definition of fine-grained policies that depend on authenticated subject attributes, content properties and context data. To enable peers to act on behalf of others, chained delegation is supported and permissions depend on trust assumptions about nodes along this chain. Besides access to data, service invocations, dynamic behavior changes and policy updates can also be authorized in a unified way. We show how this access control model can be integrated into a secure middleware architecture and provide example policies for simple coordination patterns.
Keywords
ABAC, Delegation, P2P, Coordination middleware