Sciweavers

EUROSYS
2010
ACM

Policy-based access control for weakly consistent replication

14 years 4 months ago
Policy-based access control for weakly consistent replication
Combining access control with weakly consistent replication presents a challenge if the resulting system is to support eventual consistency. If authorization policy can be temporarily inconsistent, any given operation may be permitted at one node and yet denied at another. This is especially troublesome when the operation in question involves a change in policy. Without a careful design, permanently divergent state can result. We describe and evaluate the design and implementation of an access control system for weakly consistent replication where peers are not uniformly trusted. Our system allows for the specification of fine-grained access control policy over a collection of replicated items. Policies are expressed using a logical assertion framework and access control decisions are logical proofs. Policy can grow to encompass new nodes through fine-grain delegation of authority. Eventual consistency of the replicated data is preserved despite the fact that access control policy ...
Ted Wobber, Thomas L. Rodeheffer, Douglas B. Terry
Added 10 Jul 2010
Updated 10 Jul 2010
Type Conference
Year 2010
Where EUROSYS
Authors Ted Wobber, Thomas L. Rodeheffer, Douglas B. Terry
Comments (0)