Enforcing Policy and Data Consistency of Cloud Transactions

2011 31st International Conference on Distributed Computing Systems Workshops Pub Date : 2011-06-20 DOI:10.1109/ICDCSW.2011.42

M. Iskander, D. Wilkinson, Adam J. Lee, Panos K. Chrysanthis

{"title":"Enforcing Policy and Data Consistency of Cloud Transactions","authors":"M. Iskander, D. Wilkinson, Adam J. Lee, Panos K. Chrysanthis","doi":"10.1109/ICDCSW.2011.42","DOIUrl":null,"url":null,"abstract":"In distributed transactional database systems deployed over cloud servers, entities cooperate to form proofs of authorizations that are justified by collections of certified credentials. These proofs and credentials may be evaluated and collected over extended time periods under the risk of having the underlying authorization policies or the user credentials being in inconsistent states. It therefore becomes possible for a policy-based authorization systems to make unsafe decisions that might threaten sensitive resources. In this paper, we highlight the criticality of the problem. We then present the first formalization of the concept of trusted transactions when dealing with proofs of authorizations. Accordingly, we define different levels of policy consistency constraints and present different enforcement approaches to guarantee the trustworthiness of transactions executing on cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, that is a modified version of the basic Two-Phase Commit protocols. We finally provide performance analysis of the different presented approaches to guide the decision makers in which approach to use.","PeriodicalId":133514,"journal":{"name":"2011 31st International Conference on Distributed Computing Systems Workshops","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 31st International Conference on Distributed Computing Systems Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCSW.2011.42","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

In distributed transactional database systems deployed over cloud servers, entities cooperate to form proofs of authorizations that are justified by collections of certified credentials. These proofs and credentials may be evaluated and collected over extended time periods under the risk of having the underlying authorization policies or the user credentials being in inconsistent states. It therefore becomes possible for a policy-based authorization systems to make unsafe decisions that might threaten sensitive resources. In this paper, we highlight the criticality of the problem. We then present the first formalization of the concept of trusted transactions when dealing with proofs of authorizations. Accordingly, we define different levels of policy consistency constraints and present different enforcement approaches to guarantee the trustworthiness of transactions executing on cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, that is a modified version of the basic Two-Phase Commit protocols. We finally provide performance analysis of the different presented approaches to guide the decision makers in which approach to use.

查看原文本刊更多论文

执行云交易的策略和数据一致性

在部署在云服务器上的分布式事务数据库系统中，实体协作形成授权证明，这些授权证明由经过认证的凭据集合证明。这些证明和凭证可能会在较长时间内进行评估和收集，并且存在底层授权策略或用户凭证处于不一致状态的风险。因此，基于策略的授权系统可能会做出可能威胁到敏感资源的不安全决策。在本文中，我们强调了这个问题的重要性。然后，我们提出了在处理授权证明时可信事务概念的第一个形式化。因此，我们定义了不同级别的策略一致性约束，并提出了不同的强制方法来保证在云服务器上执行的事务的可信度。我们提出了一个两阶段验证提交协议作为解决方案，它是基本两阶段提交协议的修改版本。最后，我们提供了不同方法的性能分析，以指导决策者使用哪种方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 31st International Conference on Distributed Computing Systems Workshops

自引率

0.00%

发文量