Controlling Collaborative Systems
-Srinivas Krishnan
Dept of Computer Science
UNC-Chapel Hill
Collaborative Systems
Shared Resource
Access Control
Access Control
Requirements for Access Control Systems
• The access control operations must be idempotent
• Scalability: need to support N users, as well as distributed resources
Preferred Goals
• Transparency
• Ease of Administration
Requirements for Access Control Systems
Access Control Systems are built in layers
Permissions
Notifications
AUDIT
Access Matrix
• Access specified on a per-object basis
• Each user is given certain permissions
• To scale this further, Access Control Lists are used
• Systems that use AMs: Grove, RTCAL (central admin provides the permissions to all objects)
ACL and CCL
• Access Control Matrices are linked together to form ACLs for each object
• Capability Lists are the opposite of ACLs, where users maintain which objects they have access to.
[Figure: ACL and CCL]
Pros and Cons of ACLs
• Easy to implement and maintain
• Dynamic changing of rights is hard
• Needs knowledge of each user's needs beforehand. Not always possible in a collaborative environment
• Also, each user/object needs to be explicitly given permissions
Role Based Access Control (Sandhu et al)
• Permissions are assigned to roles
• User authenticates in a 2-step process
[Figure: Users, Roles, Request, Role, Permissions, Resources]
RBAC (cont)
• Notion of a session
• Bound to a single user accessing the resource and the roles he needs
• Needs a policy in place generic enough to accommodate all accesses
• Did not allow for migration of roles within a single session
Spatial Access Control
Divides collaborative environment into spaces
[Figure: a Collaborative Environment divided into Spaces]
Spatial Access Control
• Uses an access graph to allow for traversal between the various spaces
• Further, we can provide constraints on movement from space to space
[Figure: access graph over SpaceA, SpaceB and SpaceC, with User1 and User2]
[Figure: example spaces Test Setting, Taking the Test, Correction, Results; occupants labelled Professor and Student]
Implementation Issues
• Order of updates and notifications matters
• Cannot depend on a global clock to be synchronized
[Figure: Permissions; Give Access to Bob (Op1); Remove Access to Bob (Op2)]
Solution for Order of Updates
• Most fine-grained locking operations require “Total-Ordering”
[Figure: flowchart with Perform Operation, Check Update Counter, Remote Counter compared with Local (>, <, =), Adopt Remote Counter, X]
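An added example, not from the slides or the cited papers: one way to order the two permission updates above without a synchronized clock, using a per-site update counter and last-writer-wins. The class names, the site-id tie-break and the reading of the flowchart (adopt the remote counter when it is ahead, drop the operation when it is behind) are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PermOp:
    counter: int    # update counter stamped by the issuing site
    site: str       # issuing site id, tie-break for equal counters (assumption)
    user: str
    granted: bool   # True = give access, False = remove access

class Replica:
    def __init__(self, site):
        self.site = site
        self.counter = 0   # local update counter, no wall clock involved
        self.perms = {}    # user -> (counter, site, granted)

    def issue(self, user, granted):
        self.counter += 1
        op = PermOp(self.counter, self.site, user, granted)
        self.apply(op)
        return op

    def apply(self, op):
        """Apply a local or remote op; return True if state changed."""
        self.counter = max(self.counter, op.counter)  # adopt remote counter if ahead
        current = self.perms.get(op.user)
        if current and (op.counter, op.site) <= current[:2]:
            return False   # stale or duplicate op: dropped, so apply is idempotent
        self.perms[op.user] = (op.counter, op.site, op.granted)
        return True

    def allowed(self, user):
        entry = self.perms.get(user)
        return bool(entry and entry[2])

def demo():
    admin, b, c = Replica("admin"), Replica("b"), Replica("c")
    op1 = admin.issue("bob", True)    # Give Access to Bob (Op1)
    op2 = admin.issue("bob", False)   # Remove Access to Bob (Op2)
    b.apply(op2)
    stale = b.apply(op1)              # Op1 arrives late at b and is ignored
    c.apply(op1); c.apply(op2)
    dup = c.apply(op2)                # redelivery at c is a no-op
    return b.allowed("bob"), c.allowed("bob"), stale, dup, b.counter

if __name__ == "__main__":
    print(demo())
```

Both replicas end with Bob's access removed regardless of delivery order, and a site that issues a new operation after receiving Op2 stamps it with a higher counter.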
Fine-Grained Access Control
• Traditional modes do not scale well for N users needing dynamic rights
• Fast provision of permissions
• Optimistic Locks and Access Control can provide native performance
Optimistic Control
“Make the user ask forgiveness not permission”
A similar system exists in UNIX with sudo. However, changes are permanent
[Figure: Resource; John, everyday access; John, Move Resource (Fire in Building): Access Denied]
Optimistic Access Control
• Needs different points of entry
[Figure: Resource, Access Control, AUDIT, Normal Entry, Elevated Entry]
Optimistic Control
[Figure: Guaranteed Protection, No Protection; Transaction, New State; Compensating Transaction, New State]
Auditing Optimism
• Verification Classes
• Integrity Rules must be verified at all times
[Figure: Resource, Transaction, Compensation, Verify, Users, Logger]
Simple Optimistic Access Control
[Figure: File, AuthModules, TransactionChecker, Write to File, PTP LOG, Verify, Log]
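An added example, not code from the slides or the cited papers: a small model of the optimistic scheme outlined above, with a normal and an elevated entry, an audit log, integrity rules checked on every write, and compensating transactions. The class names, the sample states and the single integrity rule are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Transaction:
    user: str
    action: str
    before: str      # prior state, kept so the change can be compensated
    elevated: bool
    reason: str

@dataclass
class GuardedResource:
    state: str
    acl: set         # (user, action) pairs allowed through the normal entry
    rules: list      # integrity rules: state -> bool, checked on every write
    log: list = field(default_factory=list)   # audit trail, in memory here

    def apply(self, user, action, new_state, reason=""):
        elevated = (user, action) not in self.acl
        if elevated and not reason:
            raise PermissionError("elevated entry requires a stated reason")
        tx = Transaction(user, action, self.state, elevated, reason)
        self.state = new_state    # optimistic: perform first, verify after
        self.log.append(("ELEVATED" if elevated else "NORMAL", user, action, reason))
        if not all(rule(new_state) for rule in self.rules):
            self.compensate(tx, "integrity rule violated")
            return None
        return tx

    def compensate(self, tx, why):
        self.state = tx.before    # compensating transaction restores prior state
        self.log.append(("COMPENSATED", tx.user, tx.action, why))

    def audit(self, tx, approved):
        """After-the-fact review of an elevated transaction."""
        if tx.elevated and not approved:
            self.compensate(tx, "audit rejected: " + tx.reason)

def demo():
    res = GuardedResource("vault/doc-v1", acl={("john", "edit")},
                          rules=[lambda s: "/doc-" in s])
    res.apply("john", "edit", "vault/doc-v2")                        # normal entry
    tx = res.apply("john", "move", "lobby/doc-v2", "fire in building")
    after_move = res.state
    res.apply("john", "delete", "", "cleanup")   # violates the rule, rolled back
    after_delete = res.state
    res.audit(tx, approved=False)                # auditor rejects the move
    return after_move, after_delete, res.state, [e[0] for e in res.log]
```

The compensation here restores a single saved state; a system with interleaved writers would need a compensation that accounts for later transactions.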
Case-Study: P2P Collaborative Systems
• MOTION: Provides Access Control in a P2P environment
• No Centralized Access Control
• Scalability: N-Users, N-Auth Modules
• Dynamic Entry & Exit of Users
• Role Based Access Control
• L1 peer & L2 peer
• L1 peers protect resources
Architecture
Improving Motion
[Figure: Requester, L1/L2 Peer, Distributed Search, L1/L2 Peer, Perform Op, Peer]
Summary
• Access Control is essential for maintaining a secure Collaborative Environment
• Access Control can introduce lag and degrade a user’s experience
• Optimistic Access Control algorithms can be used to allow users to experience native performance
References:
Tolone, W., Ahn, G., Pai, T., and Hong, S. 2005. Access control in collaborative systems. ACM Comput. Surv. 37, 1 (Mar. 2005), 29-41.
Povey, D. 2000. Optimistic security: a new access control paradigm. In Proceedings of the 1999 Workshop on New Security Paradigms (Caledon Hills, Ontario, Canada, September 22-24, 1999). NSPW '99. ACM Press, New York, NY, 40-45.
Chengzheng Sun, "Optional and Responsive Fine-Grain Locking in Internet-Based Collaborative Systems," IEEE Transactions on Parallel and Distributed Systems, vol. 13, no. 9, pp. 994-1008, September 2002.
Fenkam, P.; Dustdar, S.; Kirda, E.; Reif, G.; Gall, H., "Towards an access control system for mobile peer-to-peer collaborative environments," Enabling Technologies: Infrastructure for Collaborative Enterprises, 2002. WET ICE 2002. Proceedings. Eleventh IEEE International Workshops on, pp. 95-100, 2002.
Strom, R.; Banavar, G.; Miller, K.; Prakash, A.; Ward, M., "Concurrency control and view notification algorithms for collaborative replicated objects," Computers, IEEE Transactions on, vol. 47, no. 4, pp. 458-471, Apr 1998.
Questions?