Behavioural access control in distributed environments

Bibliographic Details
Main Author: Zhao, Yining
Other Authors: Wood, Alan
Published: University of York 2013
Online Access:http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.581733
Description

Summary: Applications and services in distributed environments are an increasingly important topic, so approaches to security issues in such applications are also becoming essential. Crucial information needs to be protected properly, and mechanisms must be developed for this protection. Access control is one of the topics underlying security problems: it concerns assuring that data or resources are accessed only by the correct entities. A commonly used access control approach is the access control list, which is applied in most operating systems. However, this approach has weaknesses with regard to scalability, and so it is not very suitable for distributed environments, which usually have variable populations. Capabilities, on the other hand, offer scalability and adaptability advantages over access control lists. Capabilities are unforgeable tickets that can be propagated between entities, and they fit well in distributed environments. But capabilities also have limits due to their simple structure: they grant an unbounded number of accesses for given types of actions, but are not able to capture sequences and branches of actions, which may be called aspects of behaviour. In this thesis, behaviour control approaches are introduced, progressing from Vistas to Treaties. Vistas provide explicit access control for each component of an object, and provide primitive control over action sequences. Treaties develop behaviour control further by containing behaviour descriptors, which can specify sequencing, branching and terminating aspects, and hence provide much finer control over behaviours. Because treaties inherit the scalable attributes of capabilities, they also fit well in distributed environments. An interesting feature of treaty systems is that they allow users to refine the specifications of behaviours and generate new treaties from existing ones.

A number of treaty combinator operations are proposed to realize this functionality, and they are shown to be safe with respect to the security of access control. A novel issue created by the treaty approach is identified in the thesis. This new problem is called the duplication problem: it could allow users to gain more permissions than they should have by making copies of unprotected treaties. Any treaty system must provide a solution to this problem. Three models that solve the duplication problem are proposed, with an analysis of their differences, advantages and disadvantages. Treaties are a general concept, and in real cases they can be represented in various ways. Several components of treaties admit a variety of implementation options, and the developers of services and applications can combine these options to fit their particular requirements. This makes treaties more flexible and adaptable. Implementations of concrete treaties and treaty systems are introduced, and these implemented treaties are used to test their behaviour control abilities. Evaluations of different treaty representations are provided to compare their performance. The scalability of treaty systems is also evaluated, showing that treaties are well suited to deployment in distributed environments.