Replicated Secure Shared Objects for Groupware Applications

This report describes the design and implementation of a secure shared replicated objects system, intended for use by groupware application programmers. The system enables such programmers to incorporate conceptually shared objects into their programs in order to provide the users with access to shared information. Access to each object is restricted to trusted parties by applying access control to its methods. Our system is different from existing implementations because it employs a replicated architecture. We believe that replication of the data is essential in order to achieve acceptable interactive performance levels when invoking methods that read the object state and indeed we show that such methods are significantly faster than a similar secure shared object system which is based on a client-server architecture which does not employ replication. The implementation includes a secure group communications system, the design of which is also included in this report. 1 Introductio

PerDiS: design, implementation, and use of a PERsistent DIstributed Store

International audienceThe PerDiS (Persistent Distributed Store) project addresses the issue of providing support for distributed collaborative engineering applications. We describe the design and implementation of the PerDiS platform, and its support for such applications. Collaborative engineering raises system issues related to the sharing of large volumes of fine-grain, complex objects across wide-area networks and administrative boundaries. PerDiS manages all these aspects in a well defined, integrated, and automatic way. Distributed application programming is simplified because it uses the same memory abstraction as in the centralized case. Porting an existing centralized program written in C or C++ is usually a matter of a few, well-isolated changes. We present some performance results from a proof-of-concept platform that runs a number of small, but real, distributed applications on Unix and Windows NT. These confirm that the PerDiS abstraction is well adapted to the targeted application area and that the overall performance is promising compared to alternative approache

A Security Model for Cooperative Work

This report proposes a security model designed to support cooperative tasks in which the security of the information used and produced is critical, and where the participants in a task are not equally trusted. This approach will support a range of security policies, including those in which the rights of participants in cooperative tasks are restricted to just those that they need in order to perform their roles - so-called `minimum privilege' policies. The model is designed to be implemented in a variety of distributed system environments, assuming a minimum of trusted system components. We describe an approach to the implementation of the security model in the context of a shared distributed object system and we outline an implementation architecture for an open distributed security system that will allow several security models to coexist in a single distributed system. The model has two levels at which access control is represented -- user level and programming level. Security poli..

Secure Group Communication for Groupware Applications

this paper we present our design for a group communication system intended for the implementation of secure groupware applications. Just as in real collaborative tasks in the workplace, it is often the case that participants in a groupware computer application do not have equal rights. This must be supported by the underlying group communication system. As a prelude to our design we introduce what we refer to as a model of trust in which we explicitly state the components in a system that are trusted and those which are not. Most attempts to provide secure group communication have had very simple blanket models of trust in which the assumption is made that all group members are trusted equally and all others are not trusted at all. Only one other implementation has catered for members that are trusted unequally, however that system was aimed at implementing high integrity services. It employs a very expensive protocol that renders it unsuitable for interactive groupware which demands a high response rate. We show that it is possible to tune the model of trust in order to simplify the protocol and thus enhance the performance of secure group communication for groupware. 1 Introductio

Protection of Shared Objects for Cooperative Work

This paper discusses the design of a system for the protection of shared persistent information objects that are intended to provide a basis for building cooperative applications. A task-based model of cooperative work is adopted and user and task requirements are based on an earlier case study undertaken by the authors. The key problem addressed is the mapping of user-level protection specifications onto groups of programming-level objects. A design for a two-level protection model to address this problem is outlined. January 31, 1995 1 1. Introduction This paper discusses the requirements for the protection of information in cooperative work and describes an approach to the design of a protection system. The design is intended for use in an otherwise open software environment in which cooperative tasks are carried out using cooperative applications accessing shared long-lived information objects in a distributed environment. Application software is assumed to be object-oriented, ..