Abstract
Researchers have made much progress in designing secure and scalable protocols to provide specific security services, such as data secrecy, data integrity, entity authentication and access control, to multicast and group applications. However, less emphasis has been put on how to integrate security protocols with modern, highly efficient group communication systems and what issues arise in such secure group communication systems. In this paper, we present a flexible and modular architecture for integrating many different authentication and access control policies and protocols with an existing group communication system, while allowing applications to provide their own protocols and control the policies. This architecture maintains, as much as possible, the scalability and performance characteristics of the unsecure system. We discuss some of the challenges when designing such a framework and show its implementation in the Spread wide-area group communication toolkit.
This work was supported by grant F30602-00-2-0526 from The Defense Advanced Research Projects Agency.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Amir, Y., Nita-Rotaru, C., Stanton, J.R. (2001). Framework for Authentication and Access Control of Client-Server Group Communication Systems. In: Crowcroft, J., Hofmann, M. (eds) Networked Group Communication. NGC 2001. Lecture Notes in Computer Science, vol 2233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45546-9_10
DOI: https://doi.org/10.1007/3-540-45546-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42824-4
Online ISBN: 978-3-540-45546-2
eBook Packages: Springer Book Archive