IDEALS Home University of Illinois at Urbana-Champaign logo The Alma Mater The Main Quad

Safety and Consistency in Policy-Based Authorization Systems (Extended Version)

Show full item record

Bookmark or cite this item: http://hdl.handle.net/2142/11243

Files in this item

File Description Format
PDF Safety and Cons ... ems (Extended Version).pdf (306KB) (no description provided) PDF
Title: Safety and Consistency in Policy-Based Authorization Systems (Extended Version)
Author(s): Lee, Adam J.; Winslett, Marianne
Subject(s): computer science
Abstract: In trust negotiation and other distributed proving systems, networked entities cooperate to form proofs that are justified by collections of certified attributes. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Though these collections of credentials in some ways resemble partial system snapshots, these systems currently lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this paper, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such, there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing, distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency which provide stronger safety guarantees. We provide algorithms that allow each of these refined notions of consistency to be attained in practice with minimal overheads.
Issue Date: 2006-08
Genre: Technical Report
Type: Text
URI: http://hdl.handle.net/2142/11243
Other Identifier(s): UIUCDCS-R-2006-2761
Rights Information: You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS: 2009-04-21
 

This item appears in the following Collection(s)

Show full item record

Item Statistics

  • Total Downloads: 130
  • Downloads this Month: 2
  • Downloads Today: 0

Browse

My Account

Information

Access Key