Password-based protection of clustered segments in distributed memory systems

Bibliographic details
Published in: Journal of parallel and distributed computing Vol. 115; pp. 29 - 40
Main author: Lopriore, Lanfranco
Format: Journal Article
Language: English
Published: Elsevier Inc 01.05.2018
ISSN:0743-7315, 1096-0848
Description
Abstract: With reference to a distributed system consisting of nodes connected by a local area network, we consider the problems related to the distribution, verification, review and revocation of access permissions. We propose the organization of a protection system that takes advantage of a form of protected pointer, the handle, to reference clusters of segments allocated in the same node. A handle is expressed in terms of a selector and a password. The selector specifies the segments, the password specifies an access right, read or write. Two primary passwords are associated with each cluster, corresponding to an access permission for all the segments in that cluster. A handle weakening algorithm takes advantage of a parametric one-way function to generate secondary passwords corresponding to fewer segments. A small set of protection primitives makes it possible to allocate and delete segments in active clusters, and to use handles to access remote segments both to read and to write. The resulting protection environment is evaluated from a number of viewpoints, which include handle forging, review and revocation, the memory costs for handle storage, the execution times for handle validation and the network traffic generated by the execution of the protection primitives. An indication of the flexibility of the handle concept is given by applying handles to the solution of a variety of protection problems.

• We refer to a distributed system consisting of nodes connected by a local area network.
• We consider the distribution, verification, review and revocation of access permissions.
• A form of protected pointer, the handle, is used to reference clusters of memory segments allocated in the same node.
• A handle referencing a given cluster includes a password and a selector of the segments in that cluster.
• We take advantage of a parametric one-way function for password generation.
DOI:10.1016/j.jpdc.2018.01.003