
Role Based Access Control and the JXTA P2P Framework


Presentation Transcript


  1. Role Based Access Control and the JXTA P2P Framework
  Amit Mathur, Symantec Corporation
  Suneuy Kim, Dept. of Computer Science, San Jose State University
  Mark Stamp, Dept. of Computer Science, San Jose State University, stamp@cs.sjsu.edu
  RBAC and JXTA 1

  2. Game Plan
  • Role based access control (RBAC)
  • Peer-to-peer (P2P) and JXTA
  • RBAC for a P2P network (in JXTA)
  • Secure?

  3. What is Access Control?
  • Authentication
    • Who goes there?
  • Authorization / access control
    • Are you allowed to do that?
    • The user already has access to the system
    • Restrictions are placed on what the user may do
    • For example, "rwx" permissions in Unix
    • Usually enforced by the operating system

  4. What is RBAC?
  • In RBAC
    • Access is determined by specified roles
    • Users are assigned to roles
  • Works well when the user base changes often
    • Roles are relatively stable
  • RBAC eases the administrative burden
    • This is the main advantage of RBAC

  5. RBAC
  • RBAC is compatible with OO techniques
    • Access to a resource → access to an object method
    • Role → interface, where an interface is the set of methods that provide a capability
  • RBAC provides separation of duties
    • Least privilege, etc.
  • Many applications have clear roles
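The slide's object-oriented framing, as an added Python example (not code from the talk or from JXTA): a role is an interface, i.e. a set of method names; a resource is a method; users are assigned roles, never individual methods. The content-distribution roles, method names and user names are made up for illustration, as is the separation-of-duties rule that one user may not be both producer and distributor. The last few lines of `demo()` show the administrative win the previous slide claims: changing a role's interface reaches every member without touching any user record, and user churn touches only the assignment.

```python
"""RBAC in the OO framing of the slides: role == interface (set of methods).
Added example; role and method names are assumptions, not the talk's code."""
from dataclasses import dataclass, field


class RBACError(Exception):
    pass


@dataclass
class RBAC:
    # role -> interface, i.e. the set of methods that role may invoke
    interfaces: dict
    # separation of duties: role pairs no single user may hold together
    exclusive: set = field(default_factory=set)
    # user -> roles currently assigned
    assignments: dict = field(default_factory=dict)

    def assign(self, user, role):
        if role not in self.interfaces:
            raise RBACError(f"unknown role {role!r}")
        held = self.assignments.setdefault(user, set())
        for other in held:
            if frozenset((other, role)) in self.exclusive:
                raise RBACError(f"{user} may not hold both {other!r} and {role!r}")
        held.add(role)

    def revoke(self, user, role):
        self.assignments.get(user, set()).discard(role)

    def permitted(self, user, method):
        """Authorization decision: is `method` in the interface of a role the user holds?"""
        return any(method in self.interfaces[r] for r in self.assignments.get(user, ()))

    def effective(self, user):
        """Least-privilege review: everything the user can currently do."""
        return set().union(*(self.interfaces[r] for r in self.assignments.get(user, ())))


def demo():
    rbac = RBAC(
        interfaces={
            "producer":    {"create_content", "publish_content"},
            "distributor": {"fetch_content", "sell_content"},
            "consumer":    {"browse_content", "purchase_content"},
        },
        # hypothetical SoD rule: a producer may not also be its own distributor
        exclusive={frozenset(("producer", "distributor"))},
    )
    rbac.assign("alice", "producer")
    rbac.assign("bob", "distributor")
    rbac.assign("carol", "consumer")
    out = {
        "alice_creates": rbac.permitted("alice", "create_content"),
        "alice_sells": rbac.permitted("alice", "sell_content"),
        "carol_effective": rbac.effective("carol"),
    }
    try:
        rbac.assign("bob", "producer")
        out["sod_violation"] = None
    except RBACError as e:
        out["sod_violation"] = str(e)
    # Role interface changes propagate to every member; user churn only touches assignments.
    rbac.interfaces["consumer"].add("rate_content")
    out["carol_rates"] = rbac.permitted("carol", "rate_content")
    rbac.revoke("carol", "consumer")
    out["carol_after_revoke"] = rbac.effective("carol")
    return out
```

Note that `permitted` never consults a per-user permission list; if the application later needs a fourth role, nothing but `interfaces` and the assignments change.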

  6. What is P2P?
  • In contrast to client-server
    • P2P peers can act as both clients and servers
    • Peers exchange data directly
    • Highly scalable
    • Different ways for peers to discover data
  • Access control in P2P?
    • No "operating system"
    • No central authority to enforce access control
    • This could be a problem…

  7. What is JXTA?
  • JXTA (short for "Juxtapose") is an open source P2P standard proposed by Sun
  • Takes care of the P2P "plumbing"
  • Usable, but has not really caught on (yet?)

  8. RBAC for P2P?
  • How can that be?
    • No central authority!
  • Consider the content distribution problem
    • Producer: creates digital content
    • Distributor: gets content from the producer to sell to the consumer
    • Consumer: purchases content
  • Seems like a sensible P2P application
    • And three obvious roles

  9. JXTA Implementation
  • We implemented a generic RBAC system
    • Access to a resource == access to a (remote) method via a "peer pipe"
  • XML files are used to configure peers
  • Every peer can
    • Request method execution on a remote peer or locally (client)
    • Provide access to its own methods (server)

  10. JXTA Implementation
  • All peers have the same role definition files at the start
  • Each peer is in one role at a time
  • A peer cannot change roles
    • Not as bad as it sounds
  • Peers must agree on the role configuration and the peer-to-role mapping

  11. JXTA Implementation
  • Peers start and each is given a name
  • Each peer is initialized from XML files
    • Peer-to-role mapping and role definitions
  • Suppose Peer 1 makes a request of Peer 2
    • Peer 1 sends its XML files to Peer 2
    • Peer 2 checks that its own XML files agree with them
    • Peer 2 verifies Peer 1's role and its own role
    • If all is OK, Peer 2 executes the requested method and returns the result to Peer 1

  12. JXTA Implementation
  • For any specific application…
    • The developer must define the application-specific methods
    • But there is no need to deal with RBAC issues
  • Attacks?
    • Peer 1 lies about its role to Peer 2
      • Requires the cooperation of Peer 1 and Peer 2
    • Peer 1 lies to itself
      • Cannot prevent a peer from "attacking" itself
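The request handling of slides 9 to 12, as an added Python model (not the authors' Java/JXTA implementation): the "peer pipe" is replaced by a direct call to `serve`, and the XML schema, peer names, role names and method names are assumptions. Configuration agreement is checked by comparing SHA-256 digests of the C14N form of each file, so two peers whose copies differ only in whitespace still agree; the slides say only that the files must "agree", so the exact comparison is this example's choice. The last part of `demo()` plays out the first attack on slide 12: a peer that doctors its local mapping to claim a better role is refused as soon as the configurations are compared, and only succeeds if the serving peer has loaded the same doctored file. One caveat the slides leave open: the requester's name is taken at face value here; in a deployment it would have to be bound to some credential, otherwise a peer could simply send another peer's name.

```python
"""Model of the peer-to-peer RBAC handshake on slides 9 to 12 (added example)."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed configuration files.  Every peer is expected to start with identical
# copies of both.  The element names are an assumption, not the talk's own schema:
# <calls> lists methods a role may invoke on other peers, <provides> the methods
# a peer in that role serves.
ROLES_XML = """<roles>
  <role name="producer"><provides>fetch_content</provides></role>
  <role name="distributor">
    <calls>fetch_content</calls>
    <provides>list_content</provides><provides>purchase_content</provides>
  </role>
  <role name="consumer">
    <calls>list_content</calls><calls>purchase_content</calls>
  </role>
</roles>"""

PEERS_XML = """<peers>
  <peer name="peer1" role="consumer"/>
  <peer name="peer2" role="distributor"/>
  <peer name="peer3" role="producer"/>
</peers>"""


def digest(xml_text):
    """Hash the canonical (C14N) form so that whitespace-only differences between
    two otherwise identical files do not make peers disagree."""
    canon = ET.canonicalize(xml_data=xml_text, strip_text=True)
    return hashlib.sha256(canon.encode()).hexdigest()


def parse_roles(xml_text):
    return {r.get("name"): {"calls": {e.text for e in r.iter("calls")},
                            "provides": {e.text for e in r.iter("provides")}}
            for r in ET.fromstring(xml_text).iter("role")}


def parse_peers(xml_text):
    return {p.get("name"): p.get("role") for p in ET.fromstring(xml_text).iter("peer")}


class Peer:
    def __init__(self, name, roles_xml, peers_xml, handlers):
        self.name = name
        self.roles_xml, self.peers_xml = roles_xml, peers_xml
        self.roles, self.peer_roles = parse_roles(roles_xml), parse_peers(peers_xml)
        self.handlers = handlers  # application-specific methods this peer serves

    def request(self, remote, method, *args):
        """Client side: send our name, both config files and the call down the pipe."""
        return remote.serve({"from": self.name, "roles_xml": self.roles_xml,
                             "peers_xml": self.peers_xml, "method": method, "args": args})

    def serve(self, msg):
        """Server side: the checks from slide 11, then dispatch to application code."""
        method = msg["method"]
        # 1. Both peers must hold the same role config and peer-to-role mapping.
        if (digest(msg["roles_xml"]) != digest(self.roles_xml)
                or digest(msg["peers_xml"]) != digest(self.peers_xml)):
            return ("denied", "configuration mismatch")
        # 2. The caller's role is read from OUR mapping, never from anything it asserts.
        caller_role = self.peer_roles.get(msg["from"])
        if caller_role is None:
            return ("denied", "unknown peer")
        if method not in self.roles.get(caller_role, {}).get("calls", set()):
            return ("denied", f"{caller_role} may not call {method}")
        # 3. Our own role must provide the method and the application must implement it.
        own_role = self.peer_roles.get(self.name)
        if (method not in self.roles.get(own_role, {}).get("provides", set())
                or method not in self.handlers):
            return ("denied", f"{self.name} does not provide {method}")
        return ("ok", self.handlers[method](*msg["args"]))


def demo():
    """An honest request, a refused one, and the lying-peer attack from slide 12."""
    producer_api = {"fetch_content": lambda item: f"bytes of {item}"}
    distributor_api = {"list_content": lambda: ["song-1"],
                       "purchase_content": lambda item: f"receipt for {item}"}
    peer1 = Peer("peer1", ROLES_XML, PEERS_XML, {})               # consumer
    peer2 = Peer("peer2", ROLES_XML, PEERS_XML, distributor_api)  # distributor
    peer3 = Peer("peer3", ROLES_XML, PEERS_XML, producer_api)     # producer

    out = {"consumer_list": peer1.request(peer2, "list_content"),
           "consumer_fetch": peer1.request(peer3, "fetch_content")}  # not in consumer's interface
    # peer1 doctors its local mapping to claim the distributor role.  peer3's copy
    # disagrees, so the request fails before any role check; the lie only works if
    # peer3 cooperates by loading the same doctored file, which RBAC cannot prevent.
    doctored = PEERS_XML.replace('name="peer1" role="consumer"',
                                 'name="peer1" role="distributor"')
    liar = Peer("peer1", ROLES_XML, doctored, {})
    out["liar_alone"] = liar.request(peer3, "fetch_content", "song-1")
    colluder = Peer("peer3", ROLES_XML, doctored, producer_api)
    out["liar_with_colluder"] = liar.request(colluder, "fetch_content", "song-1")
    return out
```

The application developer supplies only the `handlers` dictionary; the agreement check, the role lookup and the dispatch are the generic part the slides describe. The second attack on slide 12, a peer lying to itself, corresponds to calling a handler directly without going through `serve`, which nothing in the model can stop.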

  13. Bottom Line
  • RBAC in a P2P network
    • Seems to make sense
    • Simple but useful approach
  • Implemented in JXTA
    • The developer only needs to write application-specific code (not RBAC)
  • As secure as could be expected
    • Given the inherent limitations of the P2P environment
