Contributions to Proceedings:
S. Craß, T. Dönz, G. Joskowicz, E. Kühn, A. Marek:
"Securing a Space-Based Service Architecture with Coordination-Driven Access Control";
in: "Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Special Issue on Frontiers in Security and Dependability",
E. Weippl, A. Tjoa, S. Tjoa (ed.);
Innovative Information Science & Technology Research Group (ISYOU),
Seoul, Republic of Korea,
In distributed applications, multiple autonomous processes need to collaborate in an efficient way. Space-based middleware enables data-driven coordination for these processes via shared tuple spaces that allow a decoupled form of communication. Complex coordination logic may be provided to clients via reusable service components that access such tuple spaces to fulfill their task. To enable the secure collaboration of different participants, a suitable security concept for space-based services is required. In this paper, we present a fine-grained access control model that targets permissions both for invoking specific coordination services and for the data that is accessed by them. Our space-based policy language adopts the middleware's own coordination mechanisms for the specification of simple yet expressive access control policies, thus combining coordination logic and security mechanisms into a single, unified concept. We show how a lightweight service execution framework that enforces these policies can be bootstrapped with the middleware itself, which enables using the same mechanisms for the invocation of services, the access to data and the management of policies. The feasibility of the approach is demonstrated by a use case based on a management system for distributed firewalls.
tuple spaces, coordination middleware, access control, service-oriented architectures
Created from the Publication Database of the Vienna University of Technology.