Concurrency control in distributed database systems
Concurrency control in distributed database systems
Distributed snapshots: determining global states of distributed systems
ACM Transactions on Computer Systems (TOCS)
Consistent global states of distributed systems: fundamental concepts and mechanisms
Distributed systems (2nd Ed.)
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Distributed Systems: Principles and Paradigms
Distributed Systems: Principles and Paradigms
COCA: A secure distributed online certification authority
ACM Transactions on Computer Systems (TOCS)
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
ACM Transactions on Information and System Security (TISSEC)
Preserving Privacy in Environments with Location-Based Applications
IEEE Pervasive Computing
On context in authorization policy
Proceedings of the eighth ACM symposium on Access control models and technologies
Cerberus: A Context-Aware Security Scheme for Smart Spaces
PERCOM '03 Proceedings of the First IEEE International Conference on Pervasive Computing and Communications
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Cassandra: Distributed Access Control Policies with Tunable Expressiveness
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Automated trust negotiation using cryptographic credentials
Proceedings of the 12th ACM conference on Computer and communications security
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Secure context-sensitive authorization
Pervasive and Mobile Computing
Safety and consistency in policy-based authorization systems
Proceedings of the 13th ACM conference on Computer and communications security
Scalability in a secure distributed proof system
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Enforcing Safety and Consistency Constraints in Policy-Based Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
Stale-safe security properties for group-based secure information sharing
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Confidentiality-preserving distributed proofs of conjunctive queries
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
On the consistency of distributed proofs with hidden subtrees
ACM Transactions on Information and System Security (TISSEC)
Integrating trust management and access control in data-intensive Web applications
ACM Transactions on the Web (TWEB)
Hi-index | 0.00 |
In distributed proof construction systems, information release policies can make it unlikely that any single node in the system is aware of the complete structure of any particular proof tree. This property makes it difficult for queriers to determine whether the proofs constructed using these protocols sampled a consistent snapshot of the system state; this has previously been shown to have dire consequences in decentralized authorization systems. Unfortunately, the consistency enforcement solutions presented in previous work were designed for systems in which only information encoded in certificates issued by certificate authorities is used during the decision-making process. Further, they assume that each piece of certified evidence used during proof construction is available to the decision-making node at runtime. In this paper, we generalize these previous results and present lightweight mechanisms through which consistency constraints can be enforced in proof systems in which the full details of a proof may be unavailable to the querier and the existence of certificate authorities for certifying evidence is unlikely; these types of distributed proof systems are likely candidates for use in pervasive computing and sensor network environments. We present modifications to one such distributed proof system that enable two types of consistency constraints to be enforced while still respecting the same confidentiality and integrity policies as the original proof system. Further, we detail a performance analysis that illustrates the modest overheads of our consistency enforcement schemes.