|
Securing a Space-Based Service Architecture
Stefan Craß+, Tobias Dönz, Gerson Joskowicz, eva Kühn, and Alexander Marek
Abstract
In distributed applications, multiple autonomous processes need to collaborate in an efficient way. Space-based middleware enables data-driven coordination for these processes via shared tuple spaces that allow a decoupled form of communication. Complex coordination logic may be provided to clients via reusable service components that access such tuple spaces to fulfill their task. To enable the secure collaboration of different participants, a suitable security concept for space-based services is required. In this paper, we present a fine-grained access control model that targets permissions both for invoking specific coordination services and for the data that is accessed by them. Our space-based policy language adopts the middleware's own coordination mechanisms for the specification of simple yet expressive access control policies, thus combining coordination logic and security mechanisms into a single, unified concept. We show how a lightweight service execution framework that enforces these policies can be bootstrapped with the middleware itself, which enables using the same mechanisms for the invocation of services, the access to data and the management of policies. The feasibility of the approach is demonstrated by a use case based on a management system for distributed firewalls.
Keywords: tuple spaces, coordination middleware, access control, service-oriented architectures +: Corresponding author: Stefan Craß Vienna University of Technology, Institute of Computer Languages, Argentinierstr. 8, 1040 Wien, Austria, Journal of Wireless Mobile Networks,
Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 4, No. 1, pp. 76-97,
March 2013 [pdf] |