Affiliation:
1. University of Cambridge, Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG England
Abstract
We discuss the protection requirements of a distributed storage service comprising a two-level hierarchy of storage servers with value-adding service layers above them. A flexible and extensible access control mechanism is required. Our scheme uses Access Control Lists (ACLs) to allow fine grained expression of policy together with capabilities for efficient runtime access after a once-off ACL check. Our capabilities are principal- specific and transient and their design ensures that access to objects is via the correct service hierarchy; for example, a directory object may only be manipulated via a directory service. The implementation of this protection is stateless at the servers above the storage service. The scheme also provides a convenient means to delegate rights for an object, temporarily, to an unprivileged server, for example a print-server. The fact that our capabilities are short-lived alleviates the requirement for selective revocation and crash recovery.
Publisher
Association for Computing Machinery (ACM)
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Object protection in distributed systems;Journal of Parallel and Distributed Computing;2013-05
2. Access control mechanisms in a distributed, persistent memory system;IEEE Transactions on Parallel and Distributed Systems;2002-10
3. JAC?Access right based encapsulation for Java;Software: Practice and Experience;2001
4. Secure Network Objects;Secure Internet Programming;1999