Policy-based access control for weakly consistent replication

Ted Wobber, Thomas L. Rodeheffer, Douglas B. Terry
2010 Proceedings of the 5th European conference on Computer systems - EuroSys '10  
Combining access control with weakly consistent replication presents a challenge if the resulting system is to support eventual consistency. If authorization policy can be temporarily inconsistent, any given operation may be permitted at one node and yet denied at another. This is especially troublesome when the operation in question involves a change in policy. Without a careful design, permanently divergent state can result. We describe and evaluate the design and implementation of an access control system for weakly consistent replication where peers are not uniformly trusted. Our system allows for the specification of fine-grained access control policy over a collection of replicated items. Policies are expressed using a logical assertion framework and access control decisions are logical proofs. Policy can grow to encompass new nodes through fine-grain delegation of authority. Eventual consistency of the replicated data is preserved despite the fact that access control policy can be temporarily inconsistent.
doi:10.1145/1755913.1755943 dblp:conf/eurosys/WobberRT10 fatcat:eg5keeoejfhq5lno2y6m5s56ma