Abstract
The intent of peer data management systems (PDMS) is to share as much data as possible. However, in many applications leveraging sensitive data, users demand adequate mechanisms to restrict the access to authorized parties. In this paper, we study a distributed access control model, where data items are stored, queried and authenticated in a totally decentralized fashion. Our contribution focuses on the design of a comprehensive framework for access control enforcement in PDMS sharing secure data, which blends policy rules defined in a declarative language with distributed key management schemes. The data owner peer decides which data to share and whom to share with by means of such policies, with the data encrypted accordingly. To defend against malicious attackers who can compromise the peers, the decryption keys are decomposed into pieces scattered amongst peers. We discuss the details of how to adapt distributed encryption schemes to PDMS to enforce robust and resilient access control, and demonstrate the efficiency and scalability of our approach by means of an extensive experimental study.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bonifati, A., Liu, R., Wang, H. (2010). Distributed and Secure Access Control in P2P Databases. In: Foresti, S., Jajodia, S. (eds) Data and Applications Security and Privacy XXIV. DBSec 2010. Lecture Notes in Computer Science, vol 6166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13739-6_8
DOI: https://doi.org/10.1007/978-3-642-13739-6_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13738-9
Online ISBN: 978-3-642-13739-6
eBook Packages: Computer Science, Computer Science (R0)