Controlling Collaborative Systems -Srinivas Krishnan Dept of Computer Science UNC-Chapel Hill.

Slides:



Advertisements
Similar presentations
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Advertisements

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Agent agent Outline of Presentation Introduction: Inter-Agent Message Passing ARP: Design and Analysis Generalization: A Generic Framework Conclusion.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Chapter 7 LAN Operating Systems LAN Software Software Compatibility Network Operating System (NOP) Architecture NOP Functions NOP Trends.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
Using DSVM to Implement a Distributed File System Ramon Lawrence Dept. of Computer Science
8.2 Discretionary Access Control Models Weiling Li.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Chapter 5 Database Application Security Models
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Understanding Active Directory
Summary For Chapter 8 Student: Zhibo Wang Professor: Yanqing Zhang.
Li Xiong CS573 Data Privacy and Security Access Control.
Security Protocols in Automation Dwaine Clarke MIT Laboratory for Computer Science January 8, 2002 With help from: Matt Burnside, Todd.
IModus User Group 18 th September. Welcome Group Introductions Brand Update Mobilising iModus Introducing the new range Discussion - Mobilising your business.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Protection.
Module 6: Designing Active Directory Security in Windows Server 2008.
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah.
11 MANAGING AND MONITORING DHCP Chapter 2. Chapter 2: MANAGING AND MONITORING DHCP2 MANAGING DHCP: COMMON DHCP ADMINISTRATIVE TASKS  Configure or modify.
Computer Science Topical Paper Presentation #15 Zach Sloger The Secure Blackboard Pattern S e c u r e B l a c k b o a r d P a t t e r n – P a.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
Li Xiong CS573 Data Privacy and Security Access Control.
Information Security - City College1 Access Control in Collaborative Systems Authors: Emis Simo David Naco.
Protection Models Yeong-Tay Timothy Sun September 27, Dennis Kafura – CS5204 – Operating Systems.
Peer-to-Peer (P2P) Computing Yi Zhang. Agenda History What is P2P Client/Server and P2P Why P2P Problems and possible solution P2P middleware services.
Chapter 10: Rights, User, and Group Administration.
SOME ISSUES OF ROLE- BASED COLLABORATION Haibin Zhu, PhD Member, IEEE, Assistant Professor Dept. of Computer Science, Nipissing University, 100 College.
Access Control in Collaborative Systems William Tolone, Gail-Joon Ahn, Tanusree Pai & Seng-Phil Hong.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.
ROLE BASED ACCESS CONTROL 1 Group 4 : Lê Qu ố c Thanh Tr ầ n Vi ệ t Tu ấ n Anh.
1 Welcome Hans Andersson Der Yao Leong Yee Jiun Song Wendy Tobagus Yang Bei Sherif Yousef.
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Discretionary Access Control Models Adith Srinivasan.
Computer Security: Principles and Practice
CSC 8320 Advanced Operating System Discretionary Access Control Models Presenter: Ke Gao Instructor: Professor Zhang.
Protection & Security Greg Bilodeau CS 5204 October 13, 2009.
The Claromentis Digital Workplace An Introduction
Distributed File Systems Questions answered in this lecture: Why are distributed file systems useful? What is difficult about distributed file systems?
From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.
Dsitributed File Systems
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.
Overview Issues in Mobile Databases – Data management – Transaction management Mobile Databases and Information Retrieval.
Chapter 14: System Protection
Instructor Materials Chapter 9: NAT for IPv4
Routing and Switching Essentials v6.0
Comparison of LAN, MAN, WAN
Instructor Materials Chapter 9: NAT for IPv4
Outline Midterm results summary Distributed file systems – continued
OS Access Control Mauricio Sifontes.
Distributed Systems CS
Chapter 14: Protection.
Ch 6. Summary Gang Shen.
From Use Cases to Implementation
Presentation transcript:

Controlling Collaborative Systems -Srinivas Krishnan Dept of Computer Science UNC-Chapel Hill

Collaborative Systems Shared Resource Access Control

Requirements for Access Control Systems The access control operations must be idempotent Scalability: Need to support N-users, as well as distributed resources Preferred Goals Transparency Ease of Administration

Requirements for Access Control Systems Access Control Systems are built in layers Permissions Notifications AUDITAUDIT

Access Matrix. Access specified on a per object basis Each user is given certain permissions To scale this further Access Control Lists are used Systems that use AMs: Grove, RTCAL (central admin provides the permissions to all objects)

ACL and CCL Access Control Matrices are linked together to form ACLs for each object Capability Lists are the opposite of ACLS, where users maintain which objects they have access to. ACL CCL

Pros and Cons of ACLs Easy to implement and maintain Dynamic changing of rights hard Needs knowledge of each users needs before hand. Not always possible in a collaborative environment Also each user/object needs to be explicitly given permissions

Role Based Access Control (Sandhu et al) Permissions are assigned to roles User authenticates in a 2 step process Users Roles Request Role Permissions Resources

RBAC (cont) Notion of a session Bound to a single user accessing the resource and the roles he needs Needs a policy in place generic enough to accommodate all accesses Did not allow for migration of roles within a single session

Spatial Access Control Divides collaborative environment into spaces Collaborative Environment Collaborative Environment Space Collaborative Environment Space Collaborative Environment Space

Spatial Access Control Uses an access graph to allow for traversal between the various spaces Further we can provide constraints in movement from space to space Space A Space B Space C User1 User2

Test Setting Taking the Test CorrectionResults Professor Student Professor

Implementation Issues Order of updates and notification matter Cannot depend on a global clock to be synchronized Permissions Give Access to Bob (Op1) Remove Access to Bob (Op2)

Solution for Order of Updates Most fine-grained locking operations require “Total-Ordering” Perform Operation Check Update Counter Remote Counter > Local < Local Adopt Remote Counter X =

Fine-Grained Access Control Traditional Modes do not scale too well for N- users needing dynamic rights Fast provision of permissions Optimistic Locks and Access Control can provide native performance

Optimistic Control “Make the user ask forgiveness not permission” A similar system exists in UNIX with sudo. However, changes are permanent Resource John Everyday access John Move Resource Fire in Building Access Denied

Optimistic Access Control Needs different points of entry Resource Access Control AUDITAUDIT Normal Entry Elevated Entry

Optimistic Control Guaranteed Protection No Protection Transaction New State Compensating

Auditing Optimism Verification Classes Integrity Rules must be verified at all times Resource TransactionCompensation Verify Users

Logger Simple Optimistic Access Control File Auth Modules Transaction Checker Write to File PTPLOG Verify Log

Case-Study: P2P Collaborative Systems MOTION: Provides Access Control in a P2P environment No Centralized Access Control Scalability: N-Users N-Auth Modules Dynamic Entry & Exit of Users Role Based Access Control L1 peer & L2 peer L1 peers protect resources

Architecture

Improving Motion

Summary Access Control essential for maintaining a secure Collaborative Environment Access Control can introduce lag and degrade a user’s experience Optimistic Access Control algorithms can be used to allow user’s to experience native performance

References: Tolone, W., Ahn, G., Pai, T., and Hong, S Access control in collaborative systems. ACM Comput. Surv. 37, 1 (Mar. 2005), Povey, D Optimistic security: a new access control paradigm. In Proceedings of the 1999 Workshop on New Security Paradigms (Caledon Hills, Ontario, Canada, September , 1999). NSPW '99. ACM Press, New York, NY, Chengzheng Sun, "Optional and Responsive Fine-Grain Locking in Internet- Based Collaborative Systems," IEEE Transactions on Parallel and Distributed Systems,vol. 13, no. 9, pp , September, Fenkam, P.; Dustdar, S.; Kirda, E.; Reif, G.; Gall, H., "Towards an access control system for mobile peer-to-peer collaborative environments," Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE Proceedings. Eleventh IEEE International Workshops on, vol., no.pp , 2002 Strom, R.; Banavar, G.; Miller, K.; Prakash, A.; Ward, M., "Concurrency control and view notification algorithms for collaborative replicated objects," Computers, IEEE Transactions on, vol.47, no.4pp , Apr 1998

Questions ?