Policy-based access control for weakly consistent replication

EuroSys'10 - Proceedings of the EuroSys 2010 Conference

Volumn , Issue , 2010, Pages 293-306

  Wobber, Ted ^a   Rodeheffer, Thomas L ^a   Terry, Douglas B ^a  

^a MICROSOFT RESEARCH   (United States)

Author keywords

eventual consistency; replication; security logic

Indexed keywords

ACCESS CONTROL DECISIONS; ACCESS CONTROL POLICIES; AUTHORIZATION POLICY; DELEGATION OF AUTHORITY; EVENTUAL CONSISTENCY; REPLICATED DATA; SECURITY LOGIC;

NETWORK SECURITY; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 77954593401     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1755913.1755943     Document Type: Conference Paper

References (32)

1. C. Adams, S. Farrell, T. Kause, and T. Mononen. Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP). http://tools.ietf.org/ html/rfc4210.
2. A. Adya, W. J. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. R. Douceur, J. Howell, J. R. Lorch, M. Theimer, and R. P. Wattenhofer. FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In Proceeding of the 5th Symposium on Operating Systems Design and Implementation, Boston, MA, USA, pages 1-14, 2002.
3. A. W. Appel and E. W. Felten. Proof-carrying authentication. In Proceedings of the 6th Conference on Computer and Communications Security, Singapore, pages 52-62, 1999.
4. L. Bauer, M. A. Schneider, , and E. W. Felten. A general and flexible access-control system for the web. In Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, 2002.
5. L. Bauer, S. Garriss, J. M. McCune, M. K. Reiter, J. Rouse, and P. Rutenbar. Device-enabled authorization in the Grey system. In Proceedings of the 8th Information Security Conference, Singapore, pages 431-445. Springer Verlag LNCS 3650, 2005.
6. L. Bauer, S. Garriss, and M. K. Reiter. Distributed proving in access-control systems. In Proceedings of 2005 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pages 81-95, 2005.
7. M. Y. Becker, C. Fournet, and A. D. Gordon. Design and semantics of a decentralized authorization language. In Proceedings of 20th IEEE Computer Security Foundations Symposium, Venice, Italy, pages 3-16, 2007.
8. A. D. Birrell, R. Levin, M. Schroeder, and R. Needham. Grapevine: an exercise in distributed computing. Communications of the ACM, 25(4):260-274, 1982.
9. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pages 164-173, 1996.
10. F. Dabek, M. F. Kaashoek, D. Karger, R. Morris, and I. Stoica. Wide-area cooperative storage with CFS. In Proceedings of the 18th ACM Symposium on Operating Systems Principles, Banff, Canada, pages 202-215, 2001.
11. J. DeTreville. Binder, a logic-based security language. In Proceedings of 2002 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pages 105-113, 2002.
12. B. Ford, J. Strauss, C. Lesniewski-Laas, S. Rhea, F. Kaashoek, and R. Morris. Persistent personal names for globally connected mobile devices. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, Seattle, WA, USA, pages 233-248, 2006.
13. T. Jim. SD3: a Trust Management System with Certificate Evaluation. In Proceedings of 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pages 106-115, 2001.
14. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265-310, 1992.
15. C. Lesniewski-laas, B. Ford, J. Strauss, R. Morris, and M. F. Kaashoek. Alpaca: extensible authorization for distributed services. In Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, pages 432-444, 2007.
16. P. Mahajan, R. Kotla, C. Marshall, V. Ramasubramanian, T. Rodeheffer, D. Terry, and T. Wobber. Effective and Efficient Compromise Recovery for Weakly Consistent Replication. In Proceedings of the Fourth EuroSys Conference, Nuremburg, Germany, pages 131-144, 2009.
17. D. Mazières, M. Kaminsky, M. F. Kaashoek, and E. Witchel. Separating key management from file system security. In Proceedings of 17th ACM Symposium on Operating Systems Principles, Kiawah Island Resort, SC, USA, pages 124-139, 1999.
18. Microsoft Corporation. About Active Directory Domain Services. http://msdn.microsoft.com/en-us/library/aa772142(VS.85).aspx.
19. Microsoft Corporation. Office Groove 2007 Developer Portal. http://msdn.microsoft.com/en-us/office/bb308957.aspx.
20. Microsoft Corporation. Microsoft Sync Framework. http://code.msdn. microsoft.com/sync.
21. Microsoft Corporation. Security Policy Assertion Language (SecPAL), .NET Developer Documentation. http://research.microsoft.com/projects/SecPAL/, 2007.
22. A. Muthitacharoen, R. Morris, T. M. Gil, and B. Chen. Ivy: A read/write peer-to-peer file system. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation, Boston, MA, USA, pages 31-44, 2002.
23. R. Rivest and B. Lampson. A Simple Distributed Security Infrastructure (SDSI). http://groups.csail.mit.edu/cis/sdsi.html, 1996.
24. V. Ramasubramanian, T. Rodeheffer, D. Terry, M. Walraed-Sullivan, T. Wobber, C. Marshall, and A. Vahdat. Cimbiosys: A platform for content-based partial replication. In Proceedings of 6th USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, USA, 2009.
25. P. Z. Revesz. Constraint databases: a survey. Semantics and Databases, 1358:209-246, 1995.
26. P. Samarati, P. Ammann, and S. Jajodia. Maintaining replicated authorizations in distributed database systems. Data and Knowledge Engineering, 1(18):55-84, 1996.
27. M. Satyanarayanan. Integrating security in a large distributed system. ACM Transactions on Computer Systems, 7(3):247-280, 1989.
28. F. Schneider. Implementing fault-tolerant services using the state machine approach: a tutorial. ACM Computing Surveys, 22(299), 1990.
29. A. Shamir. How to share a secret. Communications of the ACM, 11(22):612-613, 1979.
30. D. B. Terry,M. M. Theimer, K. Petersen, A. J. Demers, M. J. Spreitzer, and C. H. Hauser. Managing update conflicts in Bayou, a weakly connected replicated storage system. In Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles, Copper Mountain Resort, CO,USA, pages 172-182, 1995.
31. W. Vogels. Eventually consistent. ACM Queue, 6(6):14-19, 2008.
32. E. Wobber, M. Abadi, M. Burrows, and B. Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3-32, 1994.