<div class="csl-bib-body">
<div class="csl-entry">Craß, S. (2020). <i>Secure coordination through fine-grained access control for space-based computing middleware</i> [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2020.81200</div>
</div>
-
dc.identifier.uri
https://doi.org/10.34726/hss.2020.81200
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/15157
-
dc.description.abstract
Developing distributed systems with multiple stakeholders and evolving requirements is a highly complex task, which can be simplified by the usage of middleware with suitable coordination abstractions. However, in open environments like the Internet, security and trust among the participants also have to be considered. Each participant must be able to protect access to its own data and services in a flexible way. This also applies to space-based middleware, which enables data-driven coordination among autonomous processes using decoupled communication via shared spaces. This thesis therefore aims at integrating space-based coordination with security by creating a novel authorization concept that adapts well-established access control principles to the characteristic properties of space-based middleware. The concept relies on simple yet expressive authorization rules that restrict operations on specific space partitions, thus allowing for fine-grained access control. Permissions may depend on authenticated subject attributes, properties of the accessed content, and additional context information. This approach enables administrators to grant each participant only permissions that are actually necessary for planned interactions. It is presented by means of access control models for two related middleware technologies that cover different aspects of space-based coordination. XVSM provides configurable sub-spaces with extensible query features, while the Peer Model supports a hierarchical space structure with customizable coordination logic for conditional message routing and service invocations. Using the intrinsic coordination mechanisms of the respective middleware, authorization policies can be configured independently for each distributed space, whereas administrator privileges for dynamic policy modifications are specified in the same way as regular permissions.
Security is further increased by the usage of multiple protection layers, so that permissions need to be acquired at different levels. Due to an integrated delegation and trust concept, the approach is suitable for open environments without fixed trust assumptions. To enable their practical application, the conceptualized access control models are integrated into the respective middleware architectures and their prototypical runtime implementations. Reusability is promoted via the specification of patterns for secure coordination, which provide generic solutions for common coordination tasks by combining the required coordination logic with suitable authorization policies for protecting all involved spaces. The feasibility of the approach is demonstrated via a series of case studies that cover different security constraints and application domains.
en
dc.language
English
-
dc.language.iso
en
-
dc.rights.uri
http://rightsstatements.org/vocab/InC/1.0/
-
dc.subject
access control model
en
dc.subject
coordination middleware
en
dc.subject
space-based computing
en
dc.subject
patterns
en
dc.subject
XVSM
en
dc.subject
Peer Model
en
dc.title
Secure coordination through fine-grained access control for space-based computing middleware
en
dc.type
Thesis
en
dc.type
Hochschulschrift
de
dc.rights.license
In Copyright
en
dc.rights.license
Urheberrechtsschutz
de
dc.identifier.doi
10.34726/hss.2020.81200
-
dc.contributor.affiliation
TU Wien, Österreich
-
dc.rights.holder
Stefan Craß
-
dc.publisher.place
Wien
-
tuw.version
vor
-
tuw.thesisinformation
Technische Universität Wien
-
tuw.publication.orgunit
E194 - Institut für Information Systems Engineering
-
dc.type.qualificationlevel
Doctoral
-
dc.identifier.libraryid
AC15686214
-
dc.description.numberOfPages
266
-
dc.thesistype
Dissertation
de
dc.thesistype
Dissertation
en
dc.rights.identifier
In Copyright
en
dc.rights.identifier
Urheberrechtsschutz
de
tuw.advisor.staffStatus
staff
-
item.openaccessfulltext
Open Access
-
item.openairecristype
http://purl.org/coar/resource_type/c_db06
-
item.grantfulltext
open
-
item.mimetype
application/pdf
-
item.languageiso639-1
en
-
item.openairetype
doctoral thesis
-
item.fulltext
with Fulltext
-
item.cerifentitytype
Publications
-
crisitem.author.dept
E194-05 - Forschungsbereich Compilers and Languages
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering