Abstract
In this paper we examine several access control problems that occur in an object-based distributed system that permits objects to be replicated on multiple machines. First, there is the classical access control problem, which relates to which users can execute which methods. Second, we identified a reverse access control problem, which concerns which replicas can execute which methods for authorized users. Finally, there is the issue of how updates are propagated securely from replica to replica. Our solution uses roles and preserves the scalability needed in a world-wide distributed system.
Keywords
Work completed while at Vrije Universiteit
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35612-9_23
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
The common object request broker: Architecture and specification.www.omg.org, Oct 2000. Document Formal.
Corba security service specification. http://www.omg.org March 2001. Document Formal.
M. Abrams, S. Jajodia, and H. Podell, editors. Information Security - An Integrated Collection of Essays. IEEE Computer Society Press, Los Alamitos, CA, 1995.
A. Bakker, M. van Steen, and A. Tanenbaum. From remote objects to physically distributed objects. In 7th IEEE Workshop on Future Trends of Distributed Computing Systems, pages 47–52, December 1999.
G. Eddon and H. Eddon. Inside Distibuted COM. Microsoft Press, Redmond, WA, 1998.
A. Grimsaw and W. Wulf. Legion - a view from 50000 feet. In Fifth IEEE International Symposium on High Performance Distributed Computing. IEEE Computer Society Press, Aug 1996.
C. Kaufman, R. Perlman, and M. Speciner. Network Security. Prentice Hall, Upper Saddle River, NJ, 1995.
J. Leiwo, C. Hanle, P. Homburg, C. Gamage, and A. Tanenbaum. A security design for a wide-area distributed system. In Second International Conference Information Security and Cryptology (ICISC’99), volume 1787 of LNCS, pages 236–256. Springer, 1999.
J. S. Park and R. Sandhu. Rbac on the web by smart certificates. In ACM Workshop on Role-Based Access Control, 1999.
C. P. Pfleeger. Security in Computing. Prentice Hall, Upper Saddle River, NJ, second edition, 1997.
R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29 (2): 38–48, Febr. 1996.
R. Sandhu and Q. Munawer. How to do discretionary access control using roles. In ACM Workshop on Role-Based Access Control, 1998.
M. van Steen, F. Hauck, P. Homburg, and A. Tanenbaum. Locating objects in wide-area systems. IEEE Communications Magazine, pages 104–109, January 1998.
M. van Steen, P. Homburg, and A. Tanenbaum. Globe: A wide-area distributed system. IEEE Concurrency, pages 70–78, January-March 1999.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Popescu, B.C., Gamage, C., Tanenbaum, A.S. (2002). Access Control, Reverse Access Control and Replication Control in a World Wide Distributed System. In: Jerman-Blažič, B., Klobučar, T. (eds) Advanced Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 100. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35612-9_12
Download citation
DOI: https://doi.org/10.1007/978-0-387-35612-9_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4405-7
Online ISBN: 978-0-387-35612-9
eBook Packages: Springer Book Archive