Skip to main content

Access Control for Weakly Consistent Replicated Information Systems

  • Conference paper
  • First Online:
Security and Trust Management (STM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9871))

Included in the following conference series:

Abstract

Access control is an important aspect of information systems. It manages and enforces the rules that govern the access of users and applications to the data. In general, both data objects and access rules are subject to change over time, e.g., one might withdraw the right of a user to access a certain data object.

In this paper, we present a new access control model for weakly consistent replicated information systems. Such systems are engineered to be partition-tolerant and higher available than strongly consistent systems – an important aspect in a networked world with mobile devices. In particular, they allow concurrent updates to different replicas and do not enforce serializability of operations. However, this relaxation of consistency threatens access control. If we withdraw the right of a user to access data object o at one replica and then modify o, the user should not be able to see this modification by accessing o on a second replica (information leakage).

Our access control model targets eventually consistent data stores. It avoids information leakage and unauthorized modifications. Furthermore, it guarantees that modifications to the access rules initiated on different replicas eventually converge. Our model allows in particular to implement access-matrix based models such as the read-write-own model employed in file systems. In this paper, we define the model in an abstract way, explain its correctness properties, and describe how it can be efficiently implemented in state-of-the-art weakly consistent data stores.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Couchbase, December 2015. http://www.couchbase.com/

  2. MongoDB for GIANT Ideas \(|\) MongoDB, December 2015. https://www.mongodb.org/

  3. Riak KV December 2015. http://basho.com/products/riak-kv/

  4. Almeida, P.S., Baquero, C., Gonçalves, R., Preguiça, N., Fonte, V.: Scalable and accurate causality tracking for eventually consistent stores. In: Magoutis, K., Pietzuch, P. (eds.) DAIS 2014. LNCS, vol. 8460, pp. 67–81. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43352-2_6

    Chapter  Google Scholar 

  5. Brewer, E.A.: Towards robust distributed systems (abstract). In: Proceedings of the Nineteenth Annual ACM Symposium on Principles of Distributed Computing, p. 7. PODC 2000, NY, USA. ACM, New York (2000)

    Google Scholar 

  6. Burckhardt, S., Gotsman, A., Yang, H., Zawirski, M.: Replicated data types: Specification, verification, optimality. In: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 271–284. POPL 2014, NY, USA. ACM, New York (2014)

    Google Scholar 

  7. DeCandia, G., Hastorun, D., Jampani, M., Kakulapati, G., Lakshman, A., Pilchin, A., Sivasubramanian, S., Vosshall, P., Vogels, W.: Dynamo: Amazon’s highly available key-value store. In: Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, pp. 205–220. SOSP ’07, NY, USA. ACM, New York (2007)

    Google Scholar 

  8. Ferraiolo, D., Kuhn, R.: Role-based access control. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)

    Google Scholar 

  9. Gilbert, S., Lynch, N.: Brewer’s conjecture and the feasibility of consistent, available, partition-tolerant web services. SIGACT News 33(2), 51–59 (2002)

    Article  Google Scholar 

  10. Gonçalves, R., Almeida, P.S., Baquero, C., Fonte, V.: Concise server-wide causality management for eventually consistent data stores. In: Bessani, A., Bouchenak, S. (eds.) DAIS 2015. LNCS, vol. 9038, pp. 66–79. Springer, Heidelberg (2015). doi:10.1007/978-3-319-19129-4_6

    Google Scholar 

  11. Imine, A., Cherif, A., Rusinowitch, M.: A flexible access control model for distributed collaborative editors. In: Jonker, W., Petković, M. (eds.) SDM 2009. LNCS, vol. 5776, pp. 89–106. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04219-5_6

    Chapter  Google Scholar 

  12. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4

    Chapter  Google Scholar 

  13. Jin, X., Sandhu, R., Krishnan, R.: RABAC: role-centric attribute-based access control. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 84–96. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33704-8_8

    Chapter  Google Scholar 

  14. Lloyd, W., Freedman, M.J., Kaminsky, M., Andersen, D.G.: Don’t settle for eventual: scalable causal consistency for wide-area storage with COPS. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 401–416. SOSP 2011, NY, USA. ACM, New York (2011)

    Google Scholar 

  15. Samarati, P., Ammann, P., Jajodia, S.: Maintaining replicated authorizations in distributed database systems. Data Knowl. Eng. 18(1), 55–84 (1996)

    Article  MATH  Google Scholar 

  16. Samarati, P., de Vimercati, S.C.: Access control: policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001). doi:10.1007/3-540-45608-2_3

    Chapter  Google Scholar 

  17. Saunders, G., Hitchens, M., Varadharajan, V.: An analysis of access control models. In: Pieprzyk, J., Safavi-Naini, R., Seberry, J. (eds.) ACISP 1999. LNCS, vol. 1587, pp. 281–293. Springer, Heidelberg (1999). doi:10.1007/3-540-48970-3_23

    Chapter  Google Scholar 

  18. Shapiro, M., Preguiça, N., Baquero, C., Zawirski, M.: Conflict-free replicated data types. In: Défago, X., Petit, F., Villain, V. (eds.) SSS 2011. LNCS, vol. 6976, pp. 386–400. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24550-3_29

    Chapter  Google Scholar 

  19. Shapiro, M., Preguiça, N.M., Baquero, C., Zawirski, M.: Convergent and commutative replicated data types. Bull. EATCS 104, 67–88 (2011b)

    MathSciNet  MATH  Google Scholar 

  20. SyncFree: Antidote reference platform(2016). https://github.com/SyncFree/antidote

  21. Wobber, T., Rodeheffer, T.L., Terry, D.B.: Policy-based access control for weakly consistent replication. In: Proceedings of the 5th European Conference on Computer Systems, pp. 293–306. EuroSys 2010, NY, USA. ACM, New York (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mathias Weber .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Weber, M., Bieniusa, A., Poetzsch-Heffter, A. (2016). Access Control for Weakly Consistent Replicated Information Systems. In: Barthe, G., Markatos, E., Samarati, P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science(), vol 9871. Springer, Cham. https://doi.org/10.1007/978-3-319-46598-2_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46598-2_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46597-5

  • Online ISBN: 978-3-319-46598-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics