Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications

Abstract—Peer-to-peer overlays are being used for domain name resolution, massive multiplayer games, cooperative spam filtering, content sales and distribution, digital libraries, and data storage. As a result, applications often have conflicting access control needs. For example, an interactive game that needs fast response times for permission requests may prefer a capabilitybased access control subsystem (since the capabilities could be replicated). On the other hand, a digital library would choose an access control list approach (since it needs the ability to revoke permissions efficiently). Overlay designers are forced to either make an a priori choice for all applications, or to provide no access control functionality. We introduce DAAL (Decentralized Authentication and Authorization Layer) to allow application designers and users to select differing access control characteristics for each object. This allows a developer to use capability-like characteristics for objects whose access requests must complete quickly, while employing access control list-like functionality for other objects whose access needs to be efficiently revocable. Further, users can trade the efficiency of permission request and revoke operations for each object by adjusting its access control parameters. We empirically identify a simple criterion for parameter selection that guarantees good performance in the face of any predefined fraction of malicious peers in the overlay. I