Role Based Access Control and the JXTA P2P Framework

Mark Stamp, Dept. of Computer Science, San Jose State University, [email protected]
Amit Mathur, Symantec Corporation
Suneuy Kim, Dept. of Computer Science, San Jose State University

Post on 06-Jan-2016

Page 2: Game Plan

Role based access control (RBAC)
Peer-to-peer (P2P) and JXTA
RBAC for a P2P network (in JXTA)
Secure?

Page 3: What is Access Control?

Authentication
  o Who goes there?
Authorization/Access control
  o Are you allowed to do that?
  o User already has access to system
  o Restrictions placed on user
      For example, “rwx” in Unix
  o Usually enforced by the operating system

Page 4: What is RBAC?

In RBAC
  o Access determined by specified roles
  o Users assigned to roles
Good when user base changes
  o Roles are relatively stable
RBAC eases administrative burden
  o Main advantage of RBAC

Page 5: RBAC

RBAC compatible with OO techniques
  o Access to resource access to object method
  o Role interface, where interface is set of methods that provide capability
RBAC provides separation of duties
  o Least privilege, etc.
Many applications have clear roles

Page 6: What is P2P?

In contrast to client-server
P2P peers can act as clients and servers
  o Peers directly exchange data
  o Highly scalable
  o Different ways for peers to discover the data
Access control in P2P?
  o No “operating system”
  o No central authority to enforce access control
  o This could be a problem…

Page 7: What is JXTA?

JXTA (short for “Juxtapose”) is open source P2P standard proposed by Sun
  o Takes care of the P2P “plumbing”
Usable, but has not really caught on (yet?)

Page 8: RBAC for P2P?

How can that be? No central authority!
Consider content distribution problem
  o Producer --- create digital content
  o Distributor --- gets content from producer to sell to consumer
  o Consumer --- purchase content
Seems like a sensible P2P application
  o And three obvious roles

Page 9: JXTA Implementation

We implemented a generic RBAC system
Access to resource == access to a (remote) method via a “peer pipe”
Use XML files to configure peers
Every peer can
  o Request method execution on remote peer or locally (client)
  o Provide access to its methods (server)

Page 10: JXTA Implementation

All peers have same role definition files at start
Each peer in one role at a time
A peer cannot change roles
  o Not as bad as it sounds
Peers must agree on role config and peer-to-role mapping

Page 11: JXTA Implementation

Peers start and each is given a name
Initialize each peer using XML files
  o Peer-to-role mapping and role definitions
Suppose Peer 1 makes request of Peer 2
  o Peer 1 sends its XML files to Peer 2
  o Peer 2 checks that its XML files agree
  o Peer 2 verifies Peer 1’s role and its own role
If all is OK, Peer 2 executes requested method and returns result to Peer 1
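
The request check described on this slide, as an added example that is not code from the talk or from JXTA: it is plain Python with no JXTA pipes. The XML element and attribute names, the peer names, the getContent and buyContent methods, and the reading of "verifies Peer 1's role and its own role" as "Peer 1's role may call this method on Peer 2's role" are all assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample files; element/attribute names are assumed for this example.
ROLES_XML = """<roles>
  <role name="Producer"/>
  <role name="Distributor"><allow method="getContent" on="Producer"/></role>
  <role name="Consumer"><allow method="buyContent" on="Distributor"/></role>
</roles>"""
PEERS_XML = """<peers>
  <peer name="peer1" role="Distributor"/>
  <peer name="peer2" role="Producer"/>
  <peer name="peer3" role="Consumer"/>
</peers>"""


def canon(xml_text):
    """Canonical XML, so whitespace and attribute order do not cause a mismatch."""
    return ET.canonicalize(xml_data=xml_text, strip_text=True)


class Peer:
    def __init__(self, name, roles_xml, peers_xml, methods=None):
        self.name = name
        self.roles_xml, self.peers_xml = roles_xml, peers_xml
        self.methods = methods or {}  # application-specific code: name -> callable

    def role_of(self, peer_name):
        peers = ET.fromstring(self.peers_xml).iter("peer")
        return next((p.get("role") for p in peers if p.get("name") == peer_name), None)

    def allowed(self, caller_role, method, target_role):
        for role in ET.fromstring(self.roles_xml).iter("role"):
            if role.get("name") == caller_role:
                return any(a.get("method") == method and a.get("on") == target_role
                           for a in role.iter("allow"))
        return False

    def handle(self, caller, sent_roles_xml, sent_peers_xml, method):
        """Server side (Peer 2): decide whether to run `method` for `caller`."""
        # The files the caller sent must agree with this peer's own copies.
        if (canon(sent_roles_xml) != canon(self.roles_xml)
                or canon(sent_peers_xml) != canon(self.peers_xml)):
            return ("denied", "config mismatch")
        # Resolve both roles from the local copy, then check the role definition.
        caller_role, own_role = self.role_of(caller), self.role_of(self.name)
        if caller_role is None or not self.allowed(caller_role, method, own_role):
            return ("denied", "role not permitted")
        if method not in self.methods:
            return ("denied", "no such method")
        return ("ok", self.methods[method]())

    def request(self, server, method):
        """Client side (Peer 1): send own XML files along with the request."""
        return server.handle(self.name, self.roles_xml, self.peers_xml, method)
```

The server resolves roles only from its own copy of the mapping, so a caller that edits its files to claim another role is rejected at the agreement check. The check still keys on the name the caller presents; the slides do not say how peer names are authenticated.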

Page 12: JXTA Implementation

For any specific application…
  o Developer must define application-specific methods
  o But no need to deal with RBAC issues
Attacks?
  o Peer 1 lies about its role to Peer 2
      Requires cooperation of Peer 1 and Peer 2
  o Peer 1 lies to itself
      Cannot prevent a peer from “attacking” itself

Page 13: Bottom Line

RBAC in P2P network
  o Seems to make sense
  o Simple but useful approach
  o Implemented in JXTA
  o Developer only needs to develop application-specific code (not RBAC)
As secure as could be expected
  o Given inherent limitations of P2P environment