Access control in decentralized, distributed systems
Distributed systems with decentralized control, such as peer-to-peer systems, computing grids across multiple organizations, and compositional web services require a rethinking of basic issues in their design and implementation. This dissertation establishes a model of these systems, examines the issues of programming models, access control, and trust, and proposes and evaluates new methods for implementing access control and trust management in these systems. We begin by abstracting these systems into the model of service-oriented systems that use associative interactions. It then examines the fundamental issues of access control in decentralized systems, and its greater requirements than in systems with central control. From this analysis we identify possible solutions for access control implementations that have not been explored. We then introduce a framework developed to support computation in these kinds of networks, and then together with the lessons learned from the taxonomy, offer and evaluate contractually-limited capabilities as an access control mechanism. We then address the questions of trust, cooperation, and access control decisions by offering and evaluating a reputation-tracking mechanism that incorporates a quantified measure of uncertainty, realizing that intrinsic to any system with decentralized control is the uncertainty of information arising from incomplete state. We show this mechanism promotes cooperation by throttling uncooperative nodes while providing high levels of service to cooperative nodes. We then further examine the question of reliability of these networks by introducing a logic for verifying access control properties. This logic unifies a logic of belief with temporal logic, and establishes formal models of these systems that can then be proven to possess desirable properties.