Policy-Domain Based Access Control Model In Distributed Systems

Posted on: 2010-03-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Wu
GTID: 1118360302978753
Subject: Computer application technology
Abstract/Summary:
The rise of distributed systems, such as peer-to-peer systems, computing grids spanning multiple organizations, and composed web services, requires a rethinking of basic issues ranging from programming models to access control. Based on an analysis of the limitations of traditional access control models and a study of the nature of distributed access control systems, this dissertation proposes a distributed access control model. The following contributions are made:

1. We present an analysis of the properties of access control implementations, particularly for distributed systems. We describe six properties and the possible values of each: delegation of access credentials, identity authentication, state distribution, decision mode, trust management, and fidelity of implementation. We evaluate several well-known distributed access control systems against these properties and offer some insights into the field. This work forms the basis of the following parts and establishes detailed objectives for our research.

2. We abstract several typical distributed systems and propose the definition of a policy domain. Based on the policy domain, we describe an access control model for distributed systems named PDAC (Policy-Domain based Access Control). A policy in the PDAC model is a contract-based capability. A policy domain creates access policies from runtime information. Although capabilities and contracts are both well-studied concepts, this is the first time they have been integrated for the purpose of access control. For the decision mode in PDAC, the policy domain provides local autonomy and the ability to cooperate: more than one node in the distributed system is involved in the decision process, and the nodes collaborate with each other to reach a common decision. The PDAC model also provides delegation. Credentials are delegatable so that clients can share access. The policy domain records each delegation and provides a finer-grained way to manage authorization.

3. Policy domains need to cooperate to reach a consensus decision. In this dissertation, associative broadcast is used as the basis of the cooperation and communication mechanism. Associative broadcast enables requirements to be targeted at policy domains in specific states, and enables each policy domain to select the properties of the requirements it will receive. Basing coordination on associative broadcast communication enables the definition of multiple dynamic coordination subsets within a set of policy domains, which meets the need for dynamic cooperation in distributed systems. Associative broadcast can also be used to define the service discovery and neighborhood query mechanisms.

4. Uncertainty in trust evaluation is intrinsic to many distributed systems. We therefore propose incorporating a measure of uncertainty, based on subjective logic, into the reputation to reflect the confidence in that reputation. This allows distinguishing between policy domains that behave consistently and those whose behavior varies over time. Because trust relationships decay over time, we introduce an aging mechanism into the trust evaluation model. Experimental results show that this aging algorithm constrains nodes' behavior in a desirable manner.

5. By unifying BAN logic with past- and future-time temporal logic, we propose a policy language known as PDPL. PDPL can be viewed as the formal language of a formal system. We discuss its syntax and semantics, and then establish a formal system that takes the PDAC model as its semantic model and can be proven to possess desirable properties. By defining the axioms and inference rules of this formal system, we further verify access control properties such as handshake, delegation, cooperation and decision.

In summary, this dissertation proposes and evaluates a new method for implementing access control and trust management in distributed systems, and advances research on distributed access control models. The research in this dissertation can guide us in building more reliable systems with decentralized control.
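
The idea in contribution 4, sketched as an added example that is not code from the dissertation. It assumes the standard subjective-logic mapping from positive and negative evidence to a (belief, disbelief, uncertainty) opinion and a simple exponential forgetting factor for aging; the class name, decay value and interaction histories are constructed for illustration.

```python
from dataclasses import dataclass

W = 2.0  # prior weight in the standard evidence-to-opinion mapping (assumption)

@dataclass
class Reputation:
    """Aged evidence one policy domain holds about another (hypothetical name)."""
    r: float = 0.0  # aged positive evidence
    s: float = 0.0  # aged negative evidence

    def observe(self, good: bool, decay: float) -> None:
        # Aging: discount everything seen so far, then add the new outcome.
        self.r = self.r * decay + (1.0 if good else 0.0)
        self.s = self.s * decay + (0.0 if good else 1.0)

    def idle(self, rounds: int, decay: float) -> None:
        # No interaction: evidence still ages, so confidence drains away.
        self.r *= decay ** rounds
        self.s *= decay ** rounds

    def opinion(self) -> tuple[float, float, float]:
        # (belief, disbelief, uncertainty); the three always sum to 1.
        total = self.r + self.s + W
        return self.r / total, self.s / total, W / total

    def expected(self, base_rate: float = 0.5) -> float:
        # Reputation score: belief plus the prior's share of the uncertainty.
        b, _, u = self.opinion()
        return b + base_rate * u

def replay(outcomes: list[bool], decay: float = 0.9) -> Reputation:
    rep = Reputation()
    for good in outcomes:
        rep.observe(good, decay)
    return rep

# Constructed interaction histories (True = request handled as agreed).
STEADY = [True] * 20
NEWCOMER = [True] * 2
TURNCOAT = [True] * 15 + [False] * 5

if __name__ == "__main__":
    for name, hist in [("steady", STEADY), ("newcomer", NEWCOMER), ("turncoat", TURNCOAT)]:
        rep = replay(hist)
        b, d, u = rep.opinion()
        print(f"{name:9s} b={b:.2f} d={d:.2f} u={u:.2f} score={rep.expected():.2f}")
    print("turncoat without aging:", round(replay(TURNCOAT, decay=1.0).expected(), 2))
```

The steady node and the newcomer both have a spotless record, yet the newcomer's opinion carries far more uncertainty; with aging, the turncoat's recent failures outweigh its older good behavior.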
Keywords/Search Tags: distributed system, access control, policy domain, trust evaluation, policy language, reliability