3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550343,
        author={Ashish Gehani and Surendar Chandra},
        title={Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2008},
        month={6},
        keywords={Access control  Authentication  Delay  Digital filters  Filtering  Marketing and sales  Memory  Peer to peer computing  Permission  Software libraries},
        doi={10.1109/SECCOM.2007.4550343}
    }
    
  • Ashish Gehani
    Surendar Chandra
    Year: 2008
    Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications
    SECURECOMM
    IEEE
    DOI: 10.1109/SECCOM.2007.4550343
Ashish Gehani1, Surendar Chandra2
  • 1: SRI
  • 2: University of Notre Dame

Abstract

Peer-to-peer overlays are being used for domain name resolution, massive multiplayer games, cooperative spam filtering, content sales and distribution, digital libraries, and data storage. As a result, applications often have conflicting access control needs. For example, an interactive game that needs fast response times for permission requests may prefer a capabilitybased access control subsystem (since the capabilities could be replicated). On the other hand, a digital library would choose an access control list approach (since it needs the ability to revoke permissions efficiently). Overlay designers are forced to either make an a priori choice for all applications, or to provide no access control functionality. We introduce DAAL (Decentralized Authentication and Authorization Layer) to allow application designers and users to select differing access control characteristics for each object. This allows a developer to use capability-like characteristics for objects whose access requests must complete quickly, while employing access control list-like functionality for other objects whose access needs to be efficiently revocable. Further, users can trade the efficiency of permission request and revoke operations for each object by adjusting its access control parameters. We empirically identify a simple criterion for parameter selection that guarantees good performance in the face of any predefined fraction of malicious peers in the overlay.