Pesto flavored security

We demonstrate that symmetric-key cryptography can be used for both read and write access control. One-time write access can be granted by handing over an encryption key, and our encryption framework allows the revocation of previously granted rights. The number of keys to be managed explicitly grows linearly with the number of access control policies a user defines, making security manageable. The framework is used in the Pesto distributed storage system. In Pesto, policies can be stored in the same way as other data, and the same mechanism can be used to control access to them. Authority over policies concerning different tasks can then be delegated. Separating the different tasks of the system allows different tasks to be assigned to different sets of nodes. Nodes then need only be trusted with respect to the specific task(s) they have been assigned.
