Withreferencetoadistributedsystemconsistingofnodesconnectedbyalocalareanetwork,we consider a salient aspect of the protection problem, the representation of access permissions and protection domains. We present a model of a protection system supporting typed objects. Possession of an access permission for a given object is certified by possession of an object pointer including the specification of a set of access rights. We associate an encryption key with each object and a password with each domain. Object pointers are stored in memory in a ciphertext form obtained by using the object key and including the value of the domain password. Each process is executed in a domain and can take advantage of a given object pointer only if this object pointer was encrypted by including the password of this domain. A set of protection primitives makes it possible to use object pointers for object reference and to control the movements of the objects across the network. The resulting protection environment is evaluated from a number of salient viewpoints, including ease of access right distribution and revocation, interprocess interaction and cooperation, protection against fraudulent actions of access right manipulation and stealing, storage overhead, and network traffic.

Object Protection in Distributed Systems

LOPRIORE, LANFRANCO
2013

Abstract

Withreferencetoadistributedsystemconsistingofnodesconnectedbyalocalareanetwork,we consider a salient aspect of the protection problem, the representation of access permissions and protection domains. We present a model of a protection system supporting typed objects. Possession of an access permission for a given object is certified by possession of an object pointer including the specification of a set of access rights. We associate an encryption key with each object and a password with each domain. Object pointers are stored in memory in a ciphertext form obtained by using the object key and including the value of the domain password. Each process is executed in a domain and can take advantage of a given object pointer only if this object pointer was encrypted by including the password of this domain. A set of protection primitives makes it possible to use object pointers for object reference and to control the movements of the objects across the network. The resulting protection environment is evaluated from a number of salient viewpoints, including ease of access right distribution and revocation, interprocess interaction and cooperation, protection against fraudulent actions of access right manipulation and stealing, storage overhead, and network traffic.
Lopriore, Lanfranco
File in questo prodotto:
File Dimensione Formato  
Main text.pdf

accesso aperto

Descrizione: Articolo principale
Tipologia: Documento in Post-print
Licenza: Creative commons
Dimensione 237.95 kB
Formato Adobe PDF
237.95 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/208209
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact