Access Control for Weakly Consistent Replicated Information Systems
Access control is an important aspect of information systems. It manages and enforces the rules that govern the access of users and applications to the data. In general, both data objects and access rules are subject to change over time, e.g., one might withdraw the right of a user to access a certain data object.
In this paper, we present a new access control model for weakly consistent replicated information systems. Such systems are engineered to be partition-tolerant and higher available than strongly consistent systems – an important aspect in a networked world with mobile devices. In particular, they allow concurrent updates to different replicas and do not enforce serializability of operations. However, this relaxation of consistency threatens access control. If we withdraw the right of a user to access data object o at one replica and then modify o, the user should not be able to see this modification by accessing o on a second replica (information leakage).
Our access control model targets eventually consistent data stores. It avoids information leakage and unauthorized modifications. Furthermore, it guarantees that modifications to the access rules initiated on different replicas eventually converge. Our model allows in particular to implement access-matrix based models such as the read-write-own model employed in file systems. In this paper, we define the model in an abstract way, explain its correctness properties, and describe how it can be efficiently implemented in state-of-the-art weakly consistent data stores.
- 1.Couchbase, December 2015. http://www.couchbase.com/
- 2.MongoDB for GIANT Ideas \(|\) MongoDB, December 2015. https://www.mongodb.org/
- 3.Riak KV December 2015. http://basho.com/products/riak-kv/
- 4.Almeida, P.S., Baquero, C., Gonçalves, R., Preguiça, N., Fonte, V.: Scalable and accurate causality tracking for eventually consistent stores. In: Magoutis, K., Pietzuch, P. (eds.) DAIS 2014. LNCS, vol. 8460, pp. 67–81. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43352-2_6 CrossRefGoogle Scholar
- 5.Brewer, E.A.: Towards robust distributed systems (abstract). In: Proceedings of the Nineteenth Annual ACM Symposium on Principles of Distributed Computing, p. 7. PODC 2000, NY, USA. ACM, New York (2000)Google Scholar
- 6.Burckhardt, S., Gotsman, A., Yang, H., Zawirski, M.: Replicated data types: Specification, verification, optimality. In: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 271–284. POPL 2014, NY, USA. ACM, New York (2014)Google Scholar
- 7.DeCandia, G., Hastorun, D., Jampani, M., Kakulapati, G., Lakshman, A., Pilchin, A., Sivasubramanian, S., Vosshall, P., Vogels, W.: Dynamo: Amazon’s highly available key-value store. In: Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, pp. 205–220. SOSP ’07, NY, USA. ACM, New York (2007)Google Scholar
- 8.Ferraiolo, D., Kuhn, R.: Role-based access control. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
- 14.Lloyd, W., Freedman, M.J., Kaminsky, M., Andersen, D.G.: Don’t settle for eventual: scalable causal consistency for wide-area storage with COPS. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 401–416. SOSP 2011, NY, USA. ACM, New York (2011)Google Scholar
- 20.SyncFree: Antidote reference platform(2016). https://github.com/SyncFree/antidote
- 21.Wobber, T., Rodeheffer, T.L., Terry, D.B.: Policy-based access control for weakly consistent replication. In: Proceedings of the 5th European Conference on Computer Systems, pp. 293–306. EuroSys 2010, NY, USA. ACM, New York (2010)Google Scholar