With reference to a distributed environment consisting of nodes connected in an arbitrary network topology, we propose the organization of a protection system in which a set of subjects, e.g. processes, generates access attempts to memory segments. One or more primary passwords are associated with each node. An access to a given segment can be accomplished successfully only if the subject attempting the access holds an access privilege, certified by possession of a valid protected pointer (p-pointer) referencing that segment. Each p-pointer includes a local password; the p-pointer is valid if the local password descends from a primary password by application of a universally known, parametric one-way generation function. A set of protection primitives makes it possible to manage the primary passwords, to reduce p-pointers to include less access rights, to allocate new segments, to delete existing segments, to read the segment contents and to overwrite these contents. The resulting protection environment is evaluated from a number of viewpoints, which include p-pointer forging and revocation, the network traffic generated by the execution of the protection primitives, the memory requirements for p-pointer storage, security, and the relation of our work to previous work. An indication of the flexibility of the p-pointer concept is given by applying p-pointers to the solution of a variety of protection problems.
Protected pointers to specify access privileges in distributed systems
Lanfranco Lopriore
Primo
;
2019-01-01
Abstract
With reference to a distributed environment consisting of nodes connected in an arbitrary network topology, we propose the organization of a protection system in which a set of subjects, e.g. processes, generates access attempts to memory segments. One or more primary passwords are associated with each node. An access to a given segment can be accomplished successfully only if the subject attempting the access holds an access privilege, certified by possession of a valid protected pointer (p-pointer) referencing that segment. Each p-pointer includes a local password; the p-pointer is valid if the local password descends from a primary password by application of a universally known, parametric one-way generation function. A set of protection primitives makes it possible to manage the primary passwords, to reduce p-pointers to include less access rights, to allocate new segments, to delete existing segments, to read the segment contents and to overwrite these contents. The resulting protection environment is evaluated from a number of viewpoints, which include p-pointer forging and revocation, the network traffic generated by the execution of the protection primitives, the memory requirements for p-pointer storage, security, and the relation of our work to previous work. An indication of the flexibility of the p-pointer concept is given by applying p-pointers to the solution of a variety of protection problems.File | Dimensione | Formato | |
---|---|---|---|
Manuscript.pdf
accesso aperto
Descrizione: Articolo principale
Tipologia:
Documento in Pre-print
Licenza:
Creative commons
Dimensione
484.86 kB
Formato
Adobe PDF
|
484.86 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.