Tagged Sets: A Secure and Transparent Coordination Medium

A simple and effective way of coordinating distributed, mobile, and parallel applications is to use a virtual shared memory (VSM), such as a Linda tuple-space. In this paper, we propose a new kind of VSM, called a tagged set. Each element in the VSM is a value with an associated tag, and values are read or removed from the VSM by matching the tag. Tagged sets exhibit three properties useful for VSMs: Ease of use. A tagged value naturally corresponds to the notion that data has certain attributes, expressed by the tag, which can be used for later retrieval. Flexibility. Tags are implemented as propositional logic formulae, and selection as logical implication, so the resulting system is quite powerful. Tagged sets naturally support a variety of applications, such as shared data repositories (e.g., for media or e-mail), message passing, and publish/subscribe algorithms; they are powerful enough to encode existing VSMs, such as Linda spaces. Security. Our notion of tags naturally corresponds to keys, or capabilities: a user may not select data in the set unless she presents a legal key or keys. Normal tags correspond to symmetric keys, and we introduce asymmetric tags that correspond to public and private key pairs. Treating tags as keys permits users to easily specify protection criteria for data at a fine granularity. This paper motivates our approach, sketches its basic theory, and places it in the context of other data management strategies.

[1]  Andrew C. Myers,et al.  Protecting privacy using the decentralized label model , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[2]  Alin Deutsch,et al.  Workshop on Query Processing for Semistructured Data and Non-Standard Data Formats , 1999 .

[3]  Franco Zambonelli,et al.  Tuple centres for the coordination of Internet agents , 1999, SAC '99.

[4]  Alexander L. Wolf,et al.  Security issues and requirements for Internet-scale publish-subscribe systems , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[5]  Alan Wood,et al.  Coordination with Attributes , 1999, COORDINATION.

[6]  Marcos K. Aguilera,et al.  Matching events in a content-based subscription system , 1999, PODC '99.

[7]  Gianluigi Zavattaro,et al.  WSSecSpaces: a secure data-driven coordination service for Web Services applications , 2004, SAC '04.

[8]  David S. Rosenblum,et al.  Achieving scalability and expressiveness in an Internet-scale event notification service , 2000, PODC '00.

[9]  Alin Deutsch,et al.  A deterministic model for semistructured data , 1999 .

[10]  Victoria Ungureanu,et al.  Making tuple spaces safe for heterogeneous distributed systems , 2000, SAC '00.

[11]  Kousha Etessami,et al.  Optimizing Büchi Automata , 2000, CONCUR.

[12]  Min Wang,et al.  Cryptography and relational database management systems , 2001, Proceedings 2001 International Database Engineering and Applications Symposium.

[13]  Rocco De Nicola,et al.  Programming Access Control: The KLAIM Experience , 2000, CONCUR.

[14]  Jan Vitek,et al.  A Coordination Model for Agents Based on Secure Spaces , 1999 .

[15]  Nicholas Carriero,et al.  Applications experience with Linda , 1988, PPEALS '88.

[16]  Rocco De Nicola,et al.  A Java Middleware for Guaranteeing Privacy of Distributed Tuple Spaces , 2002, FIDJI.

[17]  Chris Hankin,et al.  Coordinatio Languages and Models , 2002, Lecture Notes in Computer Science.

[18]  Jan Vitek,et al.  Coordinating processes with secure spaces , 2003, Sci. Comput. Program..

[19]  David K. Gifford Cryptographic sealing for information secrecy and authentication , 1982, CACM.

[20]  Atul Prakash,et al.  Secure Distribution of Events in Content-Based Publish Subscribe Systems , 2001, USENIX Security Symposium.