|
|
PACISSO: P2P Access Control Incorporating Scalability and Self-Organization for Storage Systems
|
Author(s):
|
|
Erol Koc, Marcel Baur and Germano Caronni
|
|
Report Number:
|
Date Published:
|
Available Formats:
|
|
TR-2007-165
|
June 2007
|
Portable Document Format (PDF)
Request Hard Copy
|
| Abstract |
|
A common challenge in fully distributed storage systems is the management of access rights to stored files. PACISSO is an efficient and scalable solution for distributed access control, applicable to systems consisting entirely of untrusted nodes. We give both theoretical bounds on the cost of basic operations, and also include end-to-end measurements based on an implementation within a complete P2P object store named Celeste. All measurements revealed an efficient behavior which scales to very large numbers of users and objects.
In more detail, our access control scheme requires only minimal trust in single peers. Write access control is carried out by a set of Gatekeeper nodes which act on behalf of the file owner, and assert authorization of write operations by a Byzantine-fault-tolerant protocol and a shared-signature scheme. While the same Gatekeepers assure read access to the latest written version through a new protocol, we adapt previous research on group key management to achieve scalable read access control. Our approach allows for re-constitution of the Gatekeepers at runtime, in effect making them self-organizing for changing object ownership, for establishing messaging services, and also for allowing users to determine the groups and objects to which they have access.
|
|
|
