Distributed and Secure Access Control in P2P Databases
نویسندگان
چکیده
The intent of peer data management systems (PDMS) is to share as much data as possible. However, in many applications leveraging sensitive data, users demand adequate mechanisms to restrict the access to authorized parties. In this paper, we study a distributed access control model, where data items are stored, queried and authenticated in a totally decentralized fashion. Our contribution focuses on the design of a comprehensive framework for access control enforcement in PDMS sharing secure data, which blends policy rules defined in a declarative language with distributed key management schemes. The data owner peer decides which data to share and whom to share with by means of such policies, with the data encrypted accordingly. To defend against malicious attackers who can compromise the peers, the decryption keys are decomposed into pieces scattered amongst peers. We discuss the details of how to adapt distributed encryption schemes to PDMS to enforce robust and resilient access control, and demonstrate the efficiency and scalability of our approach by means of an extensive experimental study.
منابع مشابه
Analysis of Challenges in the Design and Development of Multi-Level Secure Databases
Database security mainly deal with the secrecy, integrity and availability of data stored in a database. The common threats to the databases involve Privilege Abuse, Weak Authentication, Weak Audit Trails and Operating System Vulnerabilities. To make the security least compromised; all users are required to follow the rules set up by Database Administrator. These rules are said to be Mandatory ...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملSecurity Enforcement in the DOK Federated Database System
The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...
متن کاملPeersum : Gestion des résumés de données dans les systèmes P2P
Sharing huge, massively distributed databases in P2P systems is inherently difficult. As the amount of stored data increases, data localization techniques become no longer sufficient. A practical approach is to rely on compact database summaries rather than raw database records, whose access is costly in large P2P
متن کاملPeerSum: Summary Management in P2P Systems
Sharing huge, massively distributed databases in P2P systems is inherently difficult. As the amount of stored data increases, data localization techniques become no longer sufficient. A practical approach is to rely on compact database summaries rather than raw database records, whose access is costly in large P2P
متن کامل