Password-based protection of clustered segments in distributed memory systems

With reference to a distributed system consisting of nodes connected by a local area network, we consider the problems related to the distribution, verification, review and revocation of access permissions. We propose the organization of a protection system that takes advantage of a form of protecte...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Journal of parallel and distributed computing Ročník 115; s. 29 - 40
Hlavní autor: Lopriore, Lanfranco
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier Inc 01.05.2018
Témata:
Access right
Distributed system
Parametric one-way function
Protection
Revocation
Segment
Access right
Distributed system
Protection
Segment
Parametric one-way function
Revocation
ISSN:0743-7315, 1096-0848
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:With reference to a distributed system consisting of nodes connected by a local area network, we consider the problems related to the distribution, verification, review and revocation of access permissions. We propose the organization of a protection system that takes advantage of a form of protected pointer, the handle, to reference clusters of segments allocated in the same node. A handle is expressed in terms of a selector and a password. The selector specifies the segments, the password specifies an access right, read or write. Two primary passwords are associated with each cluster, corresponding to an access permission for all the segments in that cluster. A handle weakening algorithm takes advantage of a parametric one-way function to generate secondary passwords corresponding to less segments. A small set of protection primitives makes it possible to allocate and delete segments in active clusters, and to use handles to access remote segments both to read and to write. The resulting protection environment is evaluated from a number of viewpoints, which include handle forging, review and revocation, the memory costs for handle storage, the execution times for handle validation and the network traffic generated by the execution of the protection primitives. An indication of the flexibility of the handle concept is given by applying handles to the solution of a variety of protection problems. •We refer to a distributed system consisting of nodes connected by a local area network.•We consider the distribution, verification, review and revocation of access permissions.•A form of protected pointer, the handle, is used to reference clusters of memory segments allocated in the same node.•A handle referencing a given cluster includes a password and a selector of the segments in that cluster.•We take advantage of a parametric one-way function for password generation.
ISSN:0743-7315
1096-0848
DOI:10.1016/j.jpdc.2018.01.003