810,958 research outputs found
Policy based roles for distributed systems security
Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..
On Secure Workflow Decentralisation on the Internet
Decentralised workflow management systems are a new research area, where most
work to-date has focused on the system's overall architecture. As little
attention has been given to the security aspects in such systems, we follow a
security driven approach, and consider, from the perspective of available
security building blocks, how security can be implemented and what new
opportunities are presented when empowering the decentralised environment with
modern distributed security protocols. Our research is motivated by a more
general question of how to combine the positive enablers that email exchange
enjoys, with the general benefits of workflow systems, and more specifically
with the benefits that can be introduced in a decentralised environment. This
aims to equip email users with a set of tools to manage the semantics of a
message exchange, contents, participants and their roles in the exchange in an
environment that provides inherent assurances of security and privacy. This
work is based on a survey of contemporary distributed security protocols, and
considers how these protocols could be used in implementing a distributed
workflow management system with decentralised control . We review a set of
these protocols, focusing on the required message sequences in reviewing the
protocols, and discuss how these security protocols provide the foundations for
implementing core control-flow, data, and resource patterns in a distributed
workflow environment
Integrating security in a group oriented distributed system
A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized
Capacity and Security of Heterogeneous Distributed Storage Systems
We study the capacity of heterogeneous distributed storage systems under
repair dynamics. Examples of these systems include peer-to-peer storage clouds,
wireless, and Internet caching systems. Nodes in a heterogeneous system can
have different storage capacities and different repair bandwidths. We give
lower and upper bounds on the system capacity. These bounds depend on either
the average resources per node, or on a detailed knowledge of the node
characteristics. Moreover, we study the case in which nodes may be compromised
by an eavesdropper, and give bounds on the system secrecy capacity. One
implication of our results is that symmetric repair maximizes the capacity of a
homogeneous system, which justifies the model widely used in the literature.Comment: 7 pages, 2 figure
Distributed Access Control for Web and Business Processes
Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes
- …