In
distributed transactional database systems deployed over cloud servers,
entities cooperate to form proofs of authorizations that are justified by
collections of certified credentials. These proofs and credentials may be
evaluated and collected over extended time periods under the risk of having the
underlying authorization policies or the user credentials being in inconsistent
states. It therefore becomes possible for policy-based authorization systems to
make unsafe decisions that might threaten sensitive resources. In this paper,
we highlight the criticality of the problem. We then define the notion of
trusted transactions when dealing with proofs of authorization. Accordingly, we
propose several increasingly stringent levels of policy consistency
constraints, and present different enforcement approaches to guarantee the
trustworthiness of transactions executing on cloud servers. We propose a
Two-Phase Validation Commit protocol as a solution, which is a modified version
of the basic Two-Phase Validation Commit protocols. We finally analyze the
different approaches presented using both analytical evaluation of the
overheads and simulations to guide the decision makers to which approach to
use.
No comments:
Post a Comment