Access Control for Ad-hoc Collaboration (Thesis)

Report ID: TR-634-01
Author: Balfanz, Dirk
Date: 2001-01-00
Pages: 152
Download Formats: PDF, Postscript
Abstract:

With the advent of networks that span administrative domains, increasing mobility, and even global-area networks, we find ourselves more and more often in situations where we do not know the potential parties accessing our computer systems. Yet we choose to collaborate with those parties: for example, we frequently browse unknown Web sites, or invite unknown clients to access our servers. We call a scenario in which parties that do not necessarily trust each other, or even know each other, choose to collaborate an ad-hoc collaboration.

This dissertation investigates how we can protect our sensitive resources in the presence of ad-hoc collaboration. In particular, we study three ad-hoc collaboration scenarios and propose a novel access control scheme for each of them. In our first system we propose and implement an access control mechanism for distributed Java applications that can span administrative domains. It uses an access control logic to allow servers to reason about the access privileges of unknown clients. Our second system presents a simple security model for the personal computer, in which the user's workstation is divided into multiple desktops. Each desktop is sealed off from the others, confining the possibly dangerous results of ad-hoc collaboration. Our last system investigates ad-hoc collaboration with hand-held computers. We present a framework that allows developers to write "split applications": part of the application runs on a trusted, but computationally limited, small computer, and part of the application runs on an untrusted, but more powerful, PC.