Protected pointers to specify access privileges in distributed systems

With reference to a distributed environment consisting of nodes connected in an arbitrary network topology, we propose the organization of a protection system in which a set of subjects, e.g. processes, generates access attempts to memory segments. One or more primary passwords are associated with e...

Full description

Saved in:
Bibliographic Details
Published inJournal of parallel and distributed computing Vol. 126; pp. 1 - 12
Main Authors Lopriore, Lanfranco, Santone, Antonella
Format Journal Article
LanguageEnglish
Published Elsevier Inc 01.04.2019
Subjects
Access privilege
Distributed system
Parametric one-way function
Password
Protection
Segment
Access privilege
Distributed system
Protection
Segment
Parametric one-way function
Password
Online AccessGet full text

Cover

More Information
Summary:With reference to a distributed environment consisting of nodes connected in an arbitrary network topology, we propose the organization of a protection system in which a set of subjects, e.g. processes, generates access attempts to memory segments. One or more primary passwords are associated with each node. An access to a given segment can be successfully accomplished only if the subject attempting the access holds an access privilege, certified by possession of a valid protected pointer (p-pointer) referencing that segment. Each p-pointer includes a local password; the p-pointer is valid if the local password descends from a primary password by application of a universally known, parametric one-way generation function. A set of protection primitives makes it possible to manage the primary passwords, to reduce p-pointers to include less access rights, to allocate new segments, to delete existing segments, to read the segment contents and to overwrite these contents. The resulting protection environment is evaluated from a number of viewpoints, which include p-pointer forging and revocation, the network traffic generated by the execution of the protection primitives, the memory requirements for p-pointer storage, security, and the relation of our work to previous work. An indication of the flexibility of the p-pointer concept is given by applying p-pointers to the solution of a variety of protection problems. •We refer to a distributed environment consisting of nodes connected in an arbitrary network topology.•We consider the problems of the distribution, verification, review and revocation of access privileges for memory segments or segment parts (subsegments).•We propose a form of protected pointer that includes the name of a node, the identifier of a segment or subsegment in that node, a set of access rights and a password.•A protected pointer is valid if the password descends from a primary password associated with the node by application of a universally-known parametric one-way function.
ISSN:0743-7315
1096-0848
DOI:10.1016/j.jpdc.2018.12.001