• Skip to primary navigation
  • Skip to main content
SRI logo
  • About
    • Press room
    • Our history
  • Expertise
    • Advanced imaging systems
    • Artificial intelligence
    • Biomedical R&D services
    • Biomedical sciences
    • Computer vision
    • Cyber & formal methods
    • Education and learning
    • Innovation strategy and policy
    • National security
    • Ocean & space
    • Quantum
    • QED-C
    • Robotics, sensors & devices
    • Speech & natural language
    • Video test & measurement
  • Ventures
  • NSIC
  • Careers
  • Contact
  • 日本支社
Search
Close
Publication January 1, 2008

Parameterized Access Control: from Design to Prototype

Citation

Copy to clipboard


Gehani, A., & Chandra, S. (2008, September). Parameterized access control: from design to prototype. In Proceedings of the 4th international conference on Security and privacy in communication netowrks (pp. 1-8).

Abstract

Peer-to-peer overlays provide a substrate well suited to building distributed storage systems. Applications that use the infrastructure need the ability to control access to their data. However, traditional authorization services were not designed to operate in the face of network partitions, malicious nodes, and on an Internet-wide scale.

We describe the implementation of the Decentralized Authentication and Authorization Layer (DAAL), a mechanism to leverage the storage functionality of the overlay and obviate the need for an online, centralized access control service. The system can efficiently identify malicious nodes and continue to operate correctly when an arbitrary, predefined fraction of the network is unreachable (as occurs during an attack against the routing infrastructure or during a distributed denial-of-service attack).

DAAL melds the access request efficiency of capability-based systems with the revocation power of reference monitor-based access control lists. It avoids the use of distributed leases as they create a vulnerability window during which there is a gap between the security policy and configuration. Actualizing the design can be challenging. Hence, we describe the protocol details and how they can be abstracted behind a minimal, intuitive application programming interface. As a proof of concept, we implemented DAAL as a Java prototype on a 200-node peer-to-peer overlay distributed across the world.

↓ View online

Share this

How can we help?

Once you hit send…

We’ll match your inquiry to the person who can best help you.

Expect a response within 48 hours.

Career call to action image

Make your own mark.

Search jobs

Our work

Case studies

Publications

Timeline of innovation

Areas of expertise

Institute

Leadership

Press room

Media inquiries

Compliance

Careers

Job listings

Contact

SRI Ventures

Our locations

Headquarters

333 Ravenswood Ave
Menlo Park, CA 94025 USA

+1 (650) 859-2000

Subscribe to our newsletter


日本支社
SRI International
  • Contact us
  • Privacy Policy
  • Cookies
  • DMCA
  • Copyright © 2022 SRI International