Distributed proving in access-control systems

Author

Bauer, Lujo ; Garriss, Scott ; Reiter, Michael K.

Author_Institution

CyLab, Carnegie Mellon Univ., Pittsburgh, PA, USA

fYear

2005

fDate

8-11 May 2005

Firstpage

81

Lastpage

95

Abstract

We present a distributed algorithm for assembling a proof that a request satisfies an access-control policy expressed in a formal logic, in the tradition of Lampson et al. (1992). We show analytically that our distributed proof-generation algorithm succeeds in assembling a proof whenever a centralized prover utilizing remote certificate retrieval would do so. In addition, we show empirically that our algorithm outperforms centralized approaches in various measures of performance and usability notably the number of remote requests and the number of user interruptions. We show that when combined with additional optimizations including caching and automatic tactic generation, which we introduce here, our algorithm retains its advantage, while achieving practical performance. Finally, we briefly describe the utilization of these algorithms as the basis for an access-control framework being deployed for use at our institution.

Keywords

authorisation; cache storage; distributed algorithms; formal logic; software performance evaluation; access-control policy; access-control systems; automatic tactic generation; caching; distributed proof-generation algorithm; distributed proving; formal logic; performance; remote requests; usability; user interruptions; Access control; Algorithm design and analysis; Assembly; Computer science; Distributed algorithms; Logic; Military computing; Monitoring; Proposals; Usability;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2005 IEEE Symposium on

ISSN

1081-6011

Print_ISBN

0-7695-2339-0

Type

conf

DOI

10.1109/SP.2005.9

Filename

1425060