Controlling Collaborative Systems - PowerPoint PPT Presentation

Slides: 27
Provided by: SK183
Learn more at: http://www.cs.unc.edu

Transcript and Presenter's Notes

1
Controlling Collaborative Systems
  • -Srinivas Krishnan
  • Dept of Computer Science
  • UNC-Chapel Hill

2
Collaborative Systems
Shared Resource
3
Requirements for Access Control Systems
  • The access control operations must be idempotent
  • Scalability
  • Need to support N-users, as well as distributed
    resources
  • Preferred Goals
  • Transparency
  • Ease of Administration

4
Requirements for Access Control Systems
  • Access Control Systems are built in layers

[Diagram labels: Audit, Permissions, Notifications]
5
Access Matrix
  • Access specified on a per object basis
  • Each user is given certain permissions
  • To scale this further Access Control Lists are
    used
  • Systems that use AMs: Grove, RTCAL (central admin
    provides the permissions to all objects)

6
ACL and CCL
ACL
CCL
  • Access Control Matrices are linked together to
    form ACLs for each object
  • Capability Lists are the opposite of ACLs, where
    users maintain which objects they have access to.

7
Pros and Cons of ACLs
  • Easy to implement and maintain
  • Dynamic changing of rights is hard
  • Needs knowledge of each user's needs beforehand.
  • Not always possible in a collaborative
    environment
  • Also each user/object needs to be explicitly
    given permissions

8
Role Based Access Control (Sandhu et al.)
  • Permissions are assigned to roles
  • User authenticates in a 2 step process

[Diagram labels: Request, Permissions, Roles, Users, Role, Resources]
9
RBAC (cont)
  • Notion of a session
  • Bound to a single user accessing the resource and
    the roles he needs
  • Needs a policy in place generic enough to
    accommodate all accesses
  • Did not allow for migration of roles within a
    single session

10
Spatial Access Control
  • Divides collaborative environment into spaces

Collaborative Environment
11
Spatial Access Control
  • Uses an access graph to allow for traversal
    between the various spaces
  • Further we can provide constraints in movement
    from space to space

[Diagram labels: Space A, Space B, Space C, User1, User2]
12
[Diagram labels: Test Setting, Taking the Test, Correction, Results]
13
Implementation Issues
  • The order of updates and notifications matters
  • Cannot depend on a global clock to be
    synchronized

[Diagram labels: Remove Access to Bob (Op2), Give Access to Bob (Op1), Permissions]
14
Solution for Order of Updates
  • Most fine-grained locking operations require
    Total-Ordering

[Flowchart labels: Check Update Counter, > Local, Remote Counter, < Local, Adopt Remote Counter, X, Perform Operation]
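
The grant/revoke ordering problem from slides 13 and 14, as an added example that is not part of the original slides. It is one reading of the flowchart: each operation carries the issuing site's update counter, a replica adopts a newer remote counter and performs the operation, and drops anything stale. The names `AclOp` and `Replica` and the site-id tie-break are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AclOp:
    counter: int   # logical update counter assigned by the issuing site
    site: str      # issuing site id, breaks ties between equal counters
    user: str
    right: str
    grant: bool    # True = give access, False = remove access

@dataclass
class Replica:
    name: str
    counter: int = 0
    # (user, right) -> (stamp of the last applied op, granted?)
    state: dict = field(default_factory=dict)

    def issue(self, user, right, grant):
        self.counter += 1
        op = AclOp(self.counter, self.name, user, right, grant)
        self.apply(op)
        return op

    def apply(self, op):
        """Return True if the op was performed, False if stale or a duplicate."""
        stamp = (op.counter, op.site)
        key = (op.user, op.right)
        last = self.state.get(key, ((0, ""), False))[0]
        if stamp <= last:            # remote counter not newer: reject (the "X")
            return False
        self.counter = max(self.counter, op.counter)   # adopt remote counter
        self.state[key] = (stamp, op.grant)            # perform operation
        return True

    def allowed(self, user, right):
        return self.state.get((user, right), ((0, ""), False))[1]

def demo():
    # Constructed scenario: Op1 grants Bob access, Op2 removes it again.
    admin, r1, r2 = Replica("admin"), Replica("r1"), Replica("r2")
    op1 = admin.issue("bob", "write", True)
    op2 = admin.issue("bob", "write", False)
    for op in (op1, op2):            # delivered in issue order
        r1.apply(op)
    for op in (op2, op1, op2):       # reordered, with a duplicate delivery
        r2.apply(op)
    return r1.allowed("bob", "write"), r2.allowed("bob", "write")
```

Both replicas end with Bob's access removed, and the duplicate delivery of Op2 is a no-op, which is the idempotence requirement from slide 3.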
15
Fine-Grained Access Control
  • Traditional Modes do not scale too well for
    N-users needing dynamic rights
  • Fast provision of permissions
  • Optimistic Locks and Access Control can provide
    native performance

16
Optimistic Control
  • Make the user ask forgiveness, not permission
  • A similar system exists in UNIX with sudo.
  • However, changes are permanent

[Diagram labels: Fire in Building, John, Move Resource, Everyday access, Resource, Access Denied]
17
Optimistic Access Control
  • Needs different points of entry

[Diagram labels: Audit, Elevated Entry, Normal Entry, Access Control, Resource]
18
Optimistic Control
[Diagram labels: New State, Guaranteed Protection, Compensating Transaction, No Protection, New State, Transaction]
19
Auditing Optimism
[Diagram labels: Resource, Transaction, Compensation, Verify, Verification Classes, Users]
Integrity Rules must be verified at all times
20
Simple Optimistic Access Control
[Diagram labels: Auth Modules, Verify, Write to File, Transaction Checker, Logger, File, PTP LOG, Log]
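
The pieces from slides 16 to 20 put together, as an added example that is not part of the original slides: a normal entry guarded by access control, an elevated entry that skips the ACL but is logged and must supply a compensating transaction, integrity rules checked on every transaction, and an audit review that rolls back unjustified use. The class name `OptimisticGuard`, its method names and the sample state are assumptions made for this sketch.

```python
class OptimisticGuard:
    def __init__(self, state, acl, rules):
        self.state = state   # protected data: name -> value
        self.acl = acl       # (user, action) pairs allowed on the normal path
        self.rules = rules   # integrity predicates that must hold at all times
        self.audit = []      # log of every elevated transaction

    def _commit(self, do):
        snapshot = dict(self.state)
        do(self.state)
        if not all(rule(self.state) for rule in self.rules):
            self.state.clear()
            self.state.update(snapshot)   # abort: restore the old state
            raise PermissionError("integrity rule violated")

    def normal_entry(self, user, action, do):
        if (user, action) not in self.acl:
            raise PermissionError(f"{user} may not {action}")
        self._commit(do)

    def elevated_entry(self, user, action, do, undo, reason):
        # No ACL check, but the caller must supply a compensating transaction.
        entry = {"user": user, "action": action, "reason": reason,
                 "undo": undo, "status": "pending"}
        self.audit.append(entry)          # logged before anything changes
        try:
            self._commit(do)
        except PermissionError:
            entry["status"] = "rejected"
            raise
        return len(self.audit) - 1

    def review(self, entry_id, justified):
        entry = self.audit[entry_id]
        if entry["status"] == "pending":
            if not justified:
                entry["undo"](self.state)  # run the compensating transaction
            entry["status"] = "accepted" if justified else "rolled back"
        return entry["status"]

def demo():
    # Constructed scenario from the "Fire in Building" slide.
    state = {"location": "room 101", "owner": "ops"}
    guard = OptimisticGuard(state, {("alice", "move")}, [lambda s: s["owner"] == "ops"])
    eid = guard.elevated_entry("john", "move",
        lambda s: s.update(location="car park"),
        lambda s: s.update(location="room 101"), "fire in building")
    moved = state["location"]
    return moved, guard.review(eid, justified=False), state["location"]
```

An elevated action that would break an integrity rule is aborted and left in the audit log with status "rejected", so the optimistic path never leaves the resource in a state that compensation cannot repair.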
21
Case-Study P2P Collaborative Systems
  • MOTION: provides access control in a P2P
    environment
  • No Centralized Access Control
  • Scalability
  • N-Users
  • N-Auth Modules
  • Dynamic Entry/Exit of Users
  • Role Based Access Control
  • L1 peer L2 peer
  • L1 peers protect resources

22
Architecture
23
Improving Motion
24
Summary
  • Access Control essential for maintaining a secure
    Collaborative Environment
  • Access Control can introduce lag and degrade a
    user's experience
  • Optimistic Access Control algorithms can be used
    to allow users to experience native performance

25
References
  • Tolone, W., Ahn, G., Pai, T., and Hong, S. 2005.
    Access control in collaborative systems. ACM
    Comput. Surv. 37, 1 (Mar. 2005), 29-41.
  • Povey, D. 2000. Optimistic security: a new access
    control paradigm. In Proceedings of the 1999
    Workshop on New Security Paradigms (Caledon
    Hills, Ontario, Canada, September 22 - 24, 1999).
    NSPW '99. ACM Press, New York, NY, 40-45.
  • Sun, C., "Optional and Responsive
    Fine-Grain Locking in Internet-Based
    Collaborative Systems," IEEE Transactions on
    Parallel and Distributed Systems, vol. 13, no. 9,
    pp. 994-1008, September 2002.
  • Fenkam, P., Dustdar, S., Kirda, E., Reif, G.,
    Gall, H., "Towards an access control system for
    mobile peer-to-peer collaborative environments,"
    Enabling Technologies: Infrastructure for
    Collaborative Enterprises, 2002. WET ICE 2002.
    Proceedings. Eleventh IEEE International
    Workshops on, pp. 95-100, 2002.
  • Strom, R., Banavar, G., Miller, K., Prakash, A.,
    Ward, M., "Concurrency control and view
    notification algorithms for collaborative
    replicated objects," Computers, IEEE Transactions
    on, vol. 47, no. 4, pp. 458-471, Apr 1998.

26
  • Questions?