Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
Implementing fault-tolerant services using the state machine approach: a tutorial
ACM Computing Surveys (CSUR)
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Managing update conflicts in Bayou, a weakly connected replicated storage system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Grapevine: an exercise in distributed computing
Communications of the ACM
Communications of the ACM
Wide-area cooperative storage with CFS
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Constraint Databases: A Survey
Selected Papers from a Workshop on Semantics in Databases
A General and Flexible Access-Control System for the Web
Proceedings of the 11th USENIX Security Symposium
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Farsite: federated, available, and reliable storage for an incompletely trusted environment
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Ivy: a read/write peer-to-peer file system
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Persistent personal names for globally connected mobile devices
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Alpaca: extensible authorization for distributed services
Proceedings of the 14th ACM conference on Computer and communications security
Queue - Scalable Web Services
Effective and efficient compromise recovery for weakly consistent replication
Proceedings of the 4th ACM European conference on Computer systems
Cimbiosys: a platform for content-based partial replication
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Depot: cloud storage with minimal trust
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Policy expressivity in the Anzere personal cloud
Proceedings of the 2nd ACM Symposium on Cloud Computing
Distributed overlay maintenance with application to data consistency
Globe'11 Proceedings of the 4th international conference on Data management in grid and peer-to-peer systems
Depot: Cloud Storage with Minimal Trust
ACM Transactions on Computer Systems (TOCS)
Confidant: protecting OSN data without locking it up
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Don't trust your roommate or access control and replication protocols in "Home" environments
HotStorage'12 Proceedings of the 4th USENIX conference on Hot Topics in Storage and File Systems
Confidant: protecting OSN data without locking it up
Proceedings of the 12th International Middleware Conference
Toward strong, usable access control for shared distributed data
FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies
| Hi-index | 0.00 |
Combining access control with weakly consistent replication presents a challenge if the resulting system is to support eventual consistency. If authorization policy can be temporarily inconsistent, any given operation may be permitted at one node and yet denied at another. This is especially troublesome when the operation in question involves a change in policy. Without a careful design, permanently divergent state can result. We describe and evaluate the design and implementation of an access control system for weakly consistent replication where peers are not uniformly trusted. Our system allows for the specification of fine-grained access control policy over a collection of replicated items. Policies are expressed using a logical assertion framework and access control decisions are logical proofs. Policy can grow to encompass new nodes through fine-grain delegation of authority. Eventual consistency of the replicated data is preserved despite the fact that access control policy can be temporarily inconsistent.