Abstract
Distributed applications are often composed of autonomous components that are controlled by different stakeholders. Authorization in such a scenario has to be enforced in a decentralized way so that administrators retain control over their respective resources. In this paper, we define a flexible access control model for a data-driven coordination middleware that abstracts the collaboration of autonomous peers. It supports the definition of fine-grained policies that depend on authenticated subject attributes, content properties and context data. To enable peers to act on behalf of others, chained delegation is supported and permissions depend on trust assumptions about nodes along this chain. Besides access to data, also service invocations, dynamic behavior changes and policy updates can be authorized in a unified way. We show how this access control model can be integrated into a secure middleware architecture and provide example policies for simple coordination patterns.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Ao, X., Minsky, N.H.: Flexible regulation of distributed coalitions. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 39–60. Springer, Heidelberg (2003)
Ahmed, T., Tripathi, A.R.: Security Policies in Distributed CSCW and Workflow Systems. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans 40(6), 1220–1231 (2010)
Gomi, H., Hatakeyama, M., Hosono, S., Fujita, S.: A delegation framework for federated identity management. In: 2005 Workshop on Digital Identity Management, pp. 94–103. ACM (2005)
Chadwick, D., Zhao, G., Otenko, S., Laborde, R., Su, L., Nguyen, T.A.: PERMIS: A modular authorization infrastructure. Concurrency Computation Practice and Experience 20(11), 1341–1357 (2008)
Crispo, B., Sivasubramanian, S., Mazzoleni, P., Bertino, E.: P-Hera: scalable fine-grained access control for P2P infrastructures. In: 11th International Conference on Parallel and Distributed Systems, vol. 1, pp. 585–591. IEEE (2005)
Kühn, E., Craß, S., Joskowicz, G., Marek, A., Scheller, T.: Peer-based programming model for coordination patterns. In: De Nicola, R., Julien, C. (eds.) COORDINATION 2013. LNCS, vol. 7890, pp. 121–135. Springer, Heidelberg (2013)
Kühn, E., Mordinyi, R., Keszthelyi, L., Schreiber, C.: Introducing the concept of customizable structured spaces for agent coordination in the production automation domain. In: 8th International Conference on Autonomous Agents and Multiagent Systems, vol. 1, pp. 625–632. IFAAMAS (2009)
Carriero, N., Gelernter, D.: Linda in context. Communications of the ACM 32(4), 444–458 (1989)
Craß, S., Dönz, T., Joskowicz, G., Kühn, E., Marek, A.: Securing a Space-Based Service Architecture with Coordination-Driven Access Control. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 4(1), 76–97 (2013)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: 2005 IEEE International Conference on Web Services, pp. 561–569. IEEE (2005)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)
Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)
Moses, T.: eXtensible Access Control Markup Language (XACML) Version 2.0. Standard, OASIS (2005)
Craß, S., Dönz, T., Joskowicz, G., Kühn, E.: A coordination-driven authorization framework for space containers. In: 7th International Conference on Availability, Reliability and Security, pp. 133–142. IEEE (2012)
Kühn, E., Craß, S., Schermann, G.: Extending a peer-based coordination model with composable design patterns. In: 23rd Euromicro International Conference on Parallel, Distributed and Network-Based Processing, pp. 53–61. IEEE (2015)
Gasser, M., McDermott, E.: An architecture for practical delegation in a distributed system. In: IEEE Computer Society Symposium on Research in Security and Privacy, pp. 20–30. IEEE (1990)
Opyrchal, L., Prakash, A., Agrawal, A.: Designing a publish-subscribe substrate for privacy/security in pervasive environments. In: 2006 ACS/IEEE International Conference on Pervasive Services, pp. 313–316. IEEE (2006)
Cremonini, M., Omicini, A., Zambonelli, F.: Coordination and access control in open distributed agent systems: the TuCSoN approach. In: Porto, A., Roman, G.-C. (eds.) COORDINATION 2000. LNCS, vol. 1906, pp. 99–114. Springer, Heidelberg (2000)
Benigni, F., Brogi, A., Buchholz, J.L., Jacquet, J.M., Lange, J., Popescu, R.: Secure P2P programming on top of tuple spaces. In: 17th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 54–59. IEEE (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Craß, S., Joskowicz, G., Kühn, E. (2015). A Decentralized Access Control Model for Dynamic Collaboration of Autonomous Peers. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_28
Download citation
DOI: https://doi.org/10.1007/978-3-319-28865-9_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28864-2
Online ISBN: 978-3-319-28865-9
eBook Packages: Computer ScienceComputer Science (R0)