Concurrency control in distributed database systems
Concurrency control in distributed database systems
Understanding the limitations of causally and totally ordered communication
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Distributed snapshots: determining global states of distributed systems
ACM Transactions on Computer Systems (TOCS)
Regulating service access and information release on the Web
Proceedings of the 7th ACM conference on Computer and communications security
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
Distributed Systems: Principles and Paradigms
Distributed Systems: Principles and Paradigms
COCA: A secure distributed online certification authority
ACM Transactions on Computer Systems (TOCS)
ACM Transactions on Information and System Security (TISSEC)
IEEE Internet Computing
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Secrecy, authentication, and public key systems.
Secrecy, authentication, and public key systems.
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Cassandra: Distributed Access Control Policies with Tunable Expressiveness
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Preventing attribute information leakage in automated trust negotiation
Proceedings of the 12th ACM conference on Computer and communications security
Automated trust negotiation using cryptographic credentials
Proceedings of the 12th ACM conference on Computer and communications security
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Secure context-sensitive authorization
Pervasive and Mobile Computing
Safety in automated trust negotiation
ACM Transactions on Information and System Security (TISSEC)
Safety and consistency in policy-based authorization systems
Proceedings of the 13th ACM conference on Computer and communications security
Lightweight cnsistency enforcement schemes for distributed proofs with hidden subtrees
Proceedings of the 12th ACM symposium on Access control models and technologies
Proving the Correctness of Multiprocess Programs
IEEE Transactions on Software Engineering
Scalability in a secure distributed proof system
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Interactive credential negotiation for stateful business processes
iTrust'05 Proceedings of the Third international conference on Trust Management
Confidentiality-preserving distributed proofs of conjunctive queries
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Effective trust management through a hybrid logical and relational approach
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
On the consistency of distributed proofs with hidden subtrees
ACM Transactions on Information and System Security (TISSEC)
Defining trust evidence: research directions
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Integrating trust management and access control in data-intensive Web applications
ACM Transactions on the Web (TWEB)
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems
Proceedings of the 2012 workshop on New security paradigms
Proceedings of the 2013 workshop on New security paradigms workshop
Hi-index | 0.02 |
In trust negotiation and other forms of distributed proving, networked entities cooperate to form proofs of authorization that are justified by collections of certified attribute credentials. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Although these collections of credentials in some ways resemble partial system snapshots, current trust negotiation and distributed proving systems lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this article, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such, there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing, distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency that provide stronger safety guarantees. We provide algorithms that allow each of these refined notions of consistency to be attained in practice with minimal overheads and formally prove several security and privacy properties of these algorithms. Lastly, we explore the notion of strategic design trade-offs in the consistency enforcement algorithm space and propose several modifications to the core algorithms presented in this article. These modifications enhance the privacy-preservation or completeness properties of these algorithms without altering the consistency constraints that they enforce.