SLIDE 1
Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications
Ashish Gehani (SRI) and Surendar Chandra (University of Notre Dame)
SLIDE 2 INTRODUCTION : Heterogeneous Applications
- Name resolution - CoDNS
- Scientific citations - OverCite
- Multiplayer game object location - Chord
- Email filtering - SpamWatch
SLIDE 3 INTRODUCTION : What’s the problem?
- Discretionary access control
- Traditional concerns:
– Authorization service is central point of failure
– Revocation enforcement
- Peer-to-peer environment concerns:
– Reliability (ρ)
– Performance (operation execution time)
SLIDE 4
MOTIVATION : Heterogeneous Applications
Table 1: Operation timeframe
                    Grant    Revoke   Request
Name resolution     Minute   Minute   Second
Spam filtering      Minute   Hour     Second
Digital library     Minute   Day      Minute
Content sales       Second   Never    Second
Multiplayer game    Second   Minute   Second
SLIDE 5 ASSUMPTIONS : System Model
- Peers have equivalent functionality
- Unauthorized reads preventable
- Unauthorized writes not preventable
– Must be detectable
- Fraction of peers are malicious (µ)
- Security should degrade gracefully
SLIDE 6 GOALS : Solution Constraints
- Flexible trust establishment
- Authorize users, not nodes
- Flexible operation order
SLIDE 7
DESIGN : Object Sealing
[Figure: object sealing. Labels: Owner, Data, Encrypted, Verification Key, Signed Hash, β, α, Object Name, Object]
SLIDE 8
DESIGN : Permission Processing
[Figure: permission processing. Labels: Verifiable Secret Shares, Overlay Insertions, Read Capability, Write Capability, Identity Based Encryption]
SLIDE 9
DESIGN : Leveraging Peers’ Storage
[Figure: leveraging peers' storage. Labels: Owner, User, Peer Nodes, Grant, Shares, Request, Retrieves, Object, α, β]
SLIDE 10
IMPLEMENTATION : DAAL’s Java API
static void grant(Globals globals, Delegation delegation, User owner,
                  String user, String filename, boolean grantRead,
                  boolean grantWrite, int alpha, int beta);

static void revoke(Globals globals, Delegation delegation, User owner,
                   String user, String filename, int alpha, int beta);

static Capabilities request(Globals globals, User user, String filename,
                            int alpha, int beta);
SLIDE 11
EVALUATION : If µ = α/β, ρ is independent of α
[Plot: ρ versus α for Request with β = 20, µ = α/β]
SLIDE 12
EVALUATION : If µ = α/β, ρ is independent of β
[Plot: ρ versus β for Request with α = 5, µ = α/β]
SLIDE 13 EVALUATION : α/β > µ → ρ grows with α
[Plot: ρ versus α with β = 20]
SLIDE 14 EVALUATION : For large β, ρ depends on (α/β)/µ
[Plot: ρ versus β with α = 5]
SLIDE 15 EVALUATION : Revocation depends on (α/β)/µ
[Plot: ρ versus α for Revoke with β = 20]
SLIDE 16 EVALUATION : Large β and α/β = 2µ → Reliable operations
[Plot: ρ versus β for Revoke with α = 5]
SLIDE 17
APPROACH : Parameter Selection
α ← 1, β ← 2
while Time(request(α, β)) < requestthreshold do
    α++, β++
while Time(revoke(α, β)) < revokethreshold do
    β++
while α/β <= k·µ do
    β--
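The selection loop above, run against three rows of Table 1, as an added Python example (not code from the slides or from DAAL). The cost models, the reading of Table 1 timeframes as budgets in seconds, the `cap` limit and the `k·µ < 1` check are assumptions introduced here; `k = 2` follows the α/β = 2µ setting on slide 16.

```python
from fractions import Fraction

# Assumption: Table 1 timeframes read as time budgets in seconds.
SECONDS = {"Second": 1, "Minute": 60, "Hour": 3600, "Day": 86400}
# (request, revoke) timeframes copied from Table 1.
PROFILES = {
    "Name resolution": ("Second", "Minute"),
    "Spam filtering": ("Second", "Hour"),
    "Digital library": ("Minute", "Day"),
}

# Constructed cost models standing in for Time(request(α, β)) and
# Time(revoke(α, β)); a deployment would time the real operations.
def request_time(alpha, beta):
    return 0.125 * alpha  # hypothetical: 125 ms per share fetched

def revoke_time(alpha, beta):
    return 4.0 * beta  # hypothetical: 4 s per share holder contacted

def select_parameters(request_threshold, revoke_threshold, mu, k=2,
                      t_request=request_time, t_revoke=revoke_time,
                      cap=100_000):
    """Slide 17 loop with termination guards; returns (alpha, beta)."""
    limit = k * Fraction(mu)
    if not 0 <= limit < 1:
        # alpha/beta stays <= 1 while beta >= alpha, so the last loop
        # cannot end on a usable pair once k*mu reaches 1.
        raise ValueError("k*mu must be in [0, 1)")
    alpha, beta = 1, 2
    while t_request(alpha, beta) < request_threshold:
        alpha, beta = alpha + 1, beta + 1
        if beta > cap:
            raise RuntimeError("request time never reached its threshold")
    while t_revoke(alpha, beta) < revoke_threshold:
        beta += 1
        if beta > cap:
            raise RuntimeError("revoke time never reached its threshold")
    # alpha/beta <= k*mu, written without division so the test is exact.
    while alpha <= limit * beta:
        beta -= 1
    return alpha, beta

def select_for(profile, mu, k=2):
    request, revoke = PROFILES[profile]
    return select_parameters(SECONDS[request], SECONDS[revoke], mu, k)

if __name__ == "__main__":
    for name in PROFILES:
        print(name, select_for(name, Fraction(3, 20)))
```

With these constructed costs and µ = 0.15, the revoke budget sets β for name resolution, while for the other two profiles the α/β > k·µ bound pulls β back down however loose the revoke budget is.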