带隐子树的分布式证明的一致性

Adam J. Lee, Kazuhiro Minami, M. Winslett
{"title":"带隐子树的分布式证明的一致性","authors":"Adam J. Lee, Kazuhiro Minami, M. Winslett","doi":"10.1145/1805974.1805981","DOIUrl":null,"url":null,"abstract":"Previous work has shown that distributed authorization systems that fail to sample a consistent snapshot of the underlying system during policy evaluation are vulnerable to a number of attacks. Unfortuantely, the consistency enforcement solutions presented in previous work were designed for systems in which only CA-certified evidence is used during the decision-making process, all of which is available to the decision-making node at runtime. In this article, we generalize previous results and present light-weight mechanisms through which consistency constraints can be enforced in proof systems in which the full details of a proof may be unavailable to the querier due to information release policies, and the existence of certificate authorities for certifying evidence is unlikely; these types of distributed proof systems are likely candidates for use in pervasive computing and sensor network environments. We present modifications to one such distributed proof system that enable three types of consistency constraints to be enforced while still respecting the same confidentiality and integrity policies as the original proof system. We then discuss how these techniques can be adapted and applied to other, less restrictive, distributed proof systems. Further, we detail a performance analysis that illustrates the modest overheads of our consistency enforcement schemes.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"17 1","pages":"25:1-25:32"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"On the consistency of distributed proofs with hidden subtrees\",\"authors\":\"Adam J. Lee, Kazuhiro Minami, M. Winslett\",\"doi\":\"10.1145/1805974.1805981\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Previous work has shown that distributed authorization systems that fail to sample a consistent snapshot of the underlying system during policy evaluation are vulnerable to a number of attacks. Unfortuantely, the consistency enforcement solutions presented in previous work were designed for systems in which only CA-certified evidence is used during the decision-making process, all of which is available to the decision-making node at runtime. In this article, we generalize previous results and present light-weight mechanisms through which consistency constraints can be enforced in proof systems in which the full details of a proof may be unavailable to the querier due to information release policies, and the existence of certificate authorities for certifying evidence is unlikely; these types of distributed proof systems are likely candidates for use in pervasive computing and sensor network environments. We present modifications to one such distributed proof system that enable three types of consistency constraints to be enforced while still respecting the same confidentiality and integrity policies as the original proof system. We then discuss how these techniques can be adapted and applied to other, less restrictive, distributed proof systems. Further, we detail a performance analysis that illustrates the modest overheads of our consistency enforcement schemes.\",\"PeriodicalId\":50912,\"journal\":{\"name\":\"ACM Transactions on Information and System Security\",\"volume\":\"17 1\",\"pages\":\"25:1-25:32\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Information and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1805974.1805981\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1805974.1805981","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 7

摘要

以前的工作表明,在策略评估期间未能采样底层系统的一致快照的分布式授权系统容易受到许多攻击。不幸的是,在之前的工作中提出的一致性执行解决方案是为在决策过程中只使用ca认证证据的系统设计的,所有这些证据都可以在运行时提供给决策节点。在本文中,我们概括了以前的结果,并提出了轻量级机制,通过该机制可以在证明系统中实施一致性约束,其中由于信息发布策略,查询者可能无法获得证明的全部细节,并且不太可能存在用于证明证据的证书颁发机构;这些类型的分布式证明系统很可能用于普适计算和传感器网络环境。我们对一个这样的分布式证明系统进行了修改,使三种类型的一致性约束得以实施,同时仍然尊重与原始证明系统相同的机密性和完整性策略。然后,我们讨论如何将这些技术应用于其他限制较少的分布式证明系统。此外,我们还详细介绍了性能分析,说明了一致性执行方案的适度开销。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
On the consistency of distributed proofs with hidden subtrees
Previous work has shown that distributed authorization systems that fail to sample a consistent snapshot of the underlying system during policy evaluation are vulnerable to a number of attacks. Unfortuantely, the consistency enforcement solutions presented in previous work were designed for systems in which only CA-certified evidence is used during the decision-making process, all of which is available to the decision-making node at runtime. In this article, we generalize previous results and present light-weight mechanisms through which consistency constraints can be enforced in proof systems in which the full details of a proof may be unavailable to the querier due to information release policies, and the existence of certificate authorities for certifying evidence is unlikely; these types of distributed proof systems are likely candidates for use in pervasive computing and sensor network environments. We present modifications to one such distributed proof system that enable three types of consistency constraints to be enforced while still respecting the same confidentiality and integrity policies as the original proof system. We then discuss how these techniques can be adapted and applied to other, less restrictive, distributed proof systems. Further, we detail a performance analysis that illustrates the modest overheads of our consistency enforcement schemes.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
期刊最新文献
An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics A New Framework for Privacy-Preserving Aggregation of Time-Series Data Behavioral Study of Users When Interacting with Active Honeytokens Model Checking Distributed Mandatory Access Control Policies Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1