On Classifying Access Control Implementations for Distributed Systems
- Kevin Kane
- James C. Browne
Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06)
Published by Association for Computing Machinery, Inc.
This paper presents a classification of implementations of access control systems based on a lattice taxonomy where the axes are properties of the implementation. The current taxonomy has six axes representing: partitioning of control over sharing of access control credentials, distribution of the state relevant to access control decisions, fidelity of policy enforcement, the identity resolution mechanism, local versus centralized decisions, and static or adaptive trust management. Analysis of implemented systems in terms of these properties sheds insight on tradeoffs between performance, scalability and potential vulnerability to specified attacks. The taxonomy reveals that distributed systems for several points on the lattice with interesting access control characteristics have not yet been implemented. The relationship of this classification to conventional classifications by type (for instance, role-based access control or mandatory access control) and mechanism (for instance, access control list or capabilities) is briefly discussed. Several implementations of access control are classified by their values for these properties. The roles of access control in formulation and operation of distributed systems are discussed.
Copyright © 2007 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org. The definitive version of this paper can be found at ACM's Digital Library --http://www.acm.org/dl/.