Safety and consistency in policy-based authorization systems

In trust negotiation and other distributed proving systems, networked entities cooperate to form proofs that are justi?ed by collections of certi?ed attributes. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Though these collections of credentials in some ways resemble partial system snapshots,these systems currently lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this paper, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such,there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing,distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency which provide stronger safety guarantees. We provide algorithms that allow each of these re ?ned notions of consistency to be attained in practice with minimal overheads.

[1]  Leslie Lamport,et al.  Distributed snapshots: determining global states of distributed systems , 1985, TOCS.

[2]  F. P. Secrecy , 1994, RES: Anthropology and Aesthetics.

[3]  Andrew S. Tanenbaum,et al.  Distributed systems: Principles and Paradigms , 2001 .

[4]  Lujo Bauer,et al.  Distributed proving in access-control systems , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[5]  David Kotz,et al.  Scalability in a Secure Distributed Proof System , 2006, Pervasive.

[6]  David R. Cheriton,et al.  Understanding the limitations of causally and totally ordered communication , 1994, SOSP '93.

[7]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[8]  Sarita V. Adve,et al.  Shared Memory Consistency Models: A Tutorial , 1996, Computer.

[9]  Elisa Bertino,et al.  Trust-/spl Xscr/;: a peer-to-peer framework for trust establishment , 2004, IEEE Transactions on Knowledge and Data Engineering.

[10]  Ninghui Li,et al.  Safety in automated trust negotiation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[11]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[12]  David L. Mills,et al.  Network Time Protocol (Version 3) Specification, Implementation and Analysis , 1992, RFC.

[13]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[14]  Marianne Winslett,et al.  PeerAccess: a logic for distributed authorization , 2005, CCS '05.

[15]  Philip A. Bernstein,et al.  Concurrency Control in Distributed Database Systems , 1986, CSUR.

[16]  Fabio Massacci,et al.  Interactive Credential Negotiation for Stateful Business Processes , 2005, iTrust.

[17]  Marianne Winslett,et al.  Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation , 2003, TSEC.

[18]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[19]  David L. Mills,et al.  Network Time Protocol (Version 3) Specification, Implementation , 1992 .

[20]  Ninghui Li,et al.  Automated trust negotiation using cryptographic credentials , 2005, CCS '05.

[21]  Marianne Winslett,et al.  Negotiating Trust on the Web , 2002, IEEE Internet Comput..

[22]  Ting Yu,et al.  Preventing attribute information leakage in automated trust negotiation , 2005, CCS '05.

[23]  Ninghui Li,et al.  RT: a Role-based Trust-management framework , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[24]  Pierangela Samarati,et al.  Regulating service access and information release on the Web , 2000, CCS.

[25]  Ozalp Babaoglu,et al.  Consistent global states of distributed systems: fundamental concepts and mechanisms , 1993 .

[26]  Ninghui Li,et al.  Towards practical automated trust negotiation , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[27]  Fred B. Schneider,et al.  COCA: a secure distributed online certification authority , 2002 .

[28]  Peter Sewell,et al.  Cassandra: distributed access control policies with tunable expressiveness , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..

[29]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[30]  WinslettMarianne,et al.  Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation , 2003 .