Password-based protection of clustered segments in distributed memory systems

Bibliographic Details
Published in: Journal of parallel and distributed computing Vol. 115; pp. 29-40
Main Author: Lopriore, Lanfranco
Format: Journal Article
Language: English
Published: Elsevier Inc 01.05.2018
ISSN: 0743-7315, 1096-0848
Description
Summary: With reference to a distributed system consisting of nodes connected by a local area network, we consider the problems related to the distribution, verification, review and revocation of access permissions. We propose the organization of a protection system that takes advantage of a form of protected pointer, the handle, to reference clusters of segments allocated in the same node. A handle is expressed in terms of a selector and a password. The selector specifies the segments, the password specifies an access right, read or write. Two primary passwords are associated with each cluster, corresponding to an access permission for all the segments in that cluster. A handle weakening algorithm takes advantage of a parametric one-way function to generate secondary passwords corresponding to fewer segments. A small set of protection primitives makes it possible to allocate and delete segments in active clusters, and to use handles to access remote segments both to read and to write. The resulting protection environment is evaluated from a number of viewpoints, which include handle forging, review and revocation, the memory costs for handle storage, the execution times for handle validation and the network traffic generated by the execution of the protection primitives. An indication of the flexibility of the handle concept is given by applying handles to the solution of a variety of protection problems.

• We refer to a distributed system consisting of nodes connected by a local area network.
• We consider the distribution, verification, review and revocation of access permissions.
• A form of protected pointer, the handle, is used to reference clusters of memory segments allocated in the same node.
• A handle referencing a given cluster includes a password and a selector of the segments in that cluster.
• We take advantage of a parametric one-way function for password generation.
DOI: 10.1016/j.jpdc.2018.01.003