PACISSO: P2P Access Control Incorporating Scalability and Self-Organization for Storage Systems

A common challenge in fully distributed storage systems is the management of access rights to stored files. PACISSO is an efficient and scalable solution for distributed access control, applicable to systems consisting entirely of untrusted nodes. We give both theoretical bounds on the cost of basic operations, and also include end-to-end measurements based on an implementation within a complete P2P object store named Celeste. All measurements revealed an efficient behavior which scales to very large numbers of users and objects. In more detail, our access control scheme requires only minimal trust in single peers. Write access control is carried out by a set of Gatekeeper nodes which act on behalf of the file owner, and assert authorization of write operations by a Byzantine-fault-tolerant protocol and a shared-signature scheme. While the same Gatekeepers assure read access to the latest written version through a new protocol, we adapt previous research on group key management to achieve scalable read access control. Our approach allows for re-constitution of the Gatekeepers at runtime, in effect making them self-organizing for changing object ownership, for establishing messaging services, and also for allowing users to determine the groups and objects to which they have access. email addresses: [email protected] [email protected] [email protected] © 2007 Sun Microsystems, Inc. All rights reserved. The SML Technical Report Series is published by Sun Microsystems Laboratories, of Sun Microsystems, Inc. Printed in U.S.A. Unlimited copying without fee is permitted provided that the copies are not made nor distributed for direct commercial advantage, and credit to the source is given. Otherwise, no part of this work covered by copyright hereon may be reproduced in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an information retrieval system, without the prior written permission of the copyright owner. TRADEMARKS Sun, Sun Microsystems, the Sun logo, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. For information regarding the SML Technical Report Series, contact Jeanie Treichel, Editor-in-Chief .All technical reports are available online on our website, http://research.sun.com/techrep/. PACISSO: P2P Access Control Incorporating Scalability and Self-Organization for Storage Systems Erol Koç ETH Zurich, Switzerland [email protected] ∗ Marcel Baur ETH Zurich, Switzerland [email protected] † Germano Caronni Sun Microsystems Laboratories [email protected] †