Practical access control management for distributed collaborative editors

The project summarized in this article aims to develop techniques to support access control in Real-Time Distributed Collaborative Editors (RCE). The ever-increasing role of RCE in academia, industry and society encourages the expansion of data sharing and raises growing concerns about controlling access to this data. Indeed, RCE allow for human-computer-human interaction in a decentralized fashion. Access control for RCE therefore requires careful design, since they need dynamic access changes and low-latency access to the shared document while maintaining its consistency.

In this article, we propose a flexible access control model where the shared document and its authorization policy are replicated in the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique in which enforcement of authorizations is retroactive. Our model is generic enough to be deployed on top of most existing logging-based collaborative systems. Indeed, it does not entail overheads and it does not affect the convergence of the shared document. We show that naive coordination between updates of both copies can create security holes on the shared document, by permitting illegal modifications or rejecting legal modifications, and we present our solutions to avoid these problems. Finally, we present a prototype for managing authorizations in collaborative editing work in a decentralized fashion. Thus our model may be deployed easily on mobile devices over P2P networks.
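The race described above, as an added example that is not the article's algorithm or prototype: two sites receive an edit and a concurrent revocation in opposite orders, first with a naive check against the local policy copy, then with retroactive enforcement. The class names, the `validated` set carried by the revocation, and the sample document are assumptions made for illustration; only one edit is in flight, so no operational transformation is needed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Insert:            # a user's edit, broadcast to every site
    op_id: str
    user: str
    pos: int
    char: str

@dataclass(frozen=True)
class Revoke:            # administrator removes a user's write right
    user: str
    validated: frozenset  # assumption: ids of that user's edits the admin accepted first

@dataclass
class Site:
    retroactive: bool
    doc: list = field(default_factory=lambda: [(None, c) for c in "abc"])  # constructed sample
    writers: set = field(default_factory=lambda: {"alice", "bob"})
    validated: set = field(default_factory=set)

    def receive(self, msg):
        if isinstance(msg, Revoke):
            self.writers.discard(msg.user)
            if self.retroactive:
                self.validated |= msg.validated
                # undo edits by the revoked user that the admin never accepted
                self.doc = [(op, c) for op, c in self.doc
                            if op is None or op.user != msg.user or op.op_id in msg.validated]
        elif msg.user in self.writers or (self.retroactive and msg.op_id in self.validated):
            self.doc.insert(msg.pos, (msg, msg.char))
        # otherwise the edit is rejected and never applied

    def text(self):
        return "".join(c for _, c in self.doc)

def run(retroactive, admin_saw_edit_first):
    edit = Insert("bob-1", "bob", 2, "x")
    revoke = Revoke("bob", frozenset({"bob-1"}) if admin_saw_edit_first else frozenset())
    admin, peer = Site(retroactive), Site(retroactive)
    order = [edit, revoke] if admin_saw_edit_first else [revoke, edit]
    for msg in order:
        admin.receive(msg)
    for msg in reversed(order):   # the peer sees the two messages the other way round
        peer.receive(msg)
    return admin.text(), peer.text()

if __name__ == "__main__":
    for retro in (False, True):
        for first in (False, True):
            print(f"retroactive={retro} admin_saw_edit_first={first} ->", run(retro, first))
```

With the naive check the two copies diverge in both orderings: the peer either keeps an edit the administrator refused or drops one the administrator accepted. With retroactive enforcement both sites end on the administrator's outcome.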
