Distributed privilege enforcement in PACS


Sturm, C; Hunt, E; Scholl, M H (2009). Distributed privilege enforcement in PACS. In: 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2009), Montreal, Canada, 12 July 2009 - 15 July 2009, 142-158.

Abstract

We present a new access control mechanism for P2P networks with distributed enforcement, called P2P Access Control System (PACS). PACS enforces powerful access control models like RBAC with administrative delegation inside a P2P network in a pure P2P manner, which is not possible in any of the currently used P2P access control mechanisms. PACS uses client-side enforcement to support the replication of confidential data. To avoid a single point of failure at the time of privilege enforcement, we use threshold cryptography to distribute the enforcement among the participants. Our analysis of the expected number of messages and the computational effort needed in PACS shows that its increased flexibility comes with an acceptable additional overhead.

Citations

1 citation in Web of Science®
2 citations in Scopus®

Downloads

44 downloads since deposited on 19 Aug 2009
5 downloads since 12 months

Additional indexing

Item Type: Conference or Workshop Item (Paper), refereed, original work
Communities & Collections: 03 Faculty of Economics > Department of Informatics
Dewey Decimal Classification: 000 Computer science, knowledge & systems
Language: English
Event End Date: 15 July 2009
Deposited On: 19 Aug 2009 13:39
Last Modified: 05 Apr 2016 13:19
Publisher: Springer
Series Name: Lecture Notes in Computer Science
Number: 5645/2
ISSN: 1611-3349
ISBN: 978-3-642-03006-2
Additional Information: The original publication is available at www.springerlink.com
Publisher DOI: 10.1007/978-3-642-03007-9_10
Official URL: http://www.springerlink.com/content/n4lt543337675821/
Permanent URL: http://doi.org/10.5167/uzh-20204

Download

Content: Accepted Version
Filetype: PDF
Size: 1MB
