A.o. Univ. Prof. Dr. Dipl.-Ing. eva Kühn
TU Wien

Lukas Bitter

Design and implementation of a security model for the PeerSpace.NET


Diploma Thesis, TU-Vienna, 2015


The users of space-based applications are decoupled from each other in time and space because they interact with each other by writing and reading/taking objects to/from the space. This property of space-based applications is useful for modern applications.


The Peer Model is currently the highest abstraction of the space-based paradigm and facilitates the creation of reusable coordination patterns with the embedding of decoupled application logic. The Peer Model’s implementation in .NET is called PeerSpace.NET. PeerSpace.NET currently has no security mechanism, although one is important for its practical employment.


This thesis discusses the creation and implementation of a security model for the PeerSpace.NET. Due to the present P2P architecture, where no centralized server exists and no mutual trust can be assumed, several challenges arise for the creation of the security model.


The security model presented here protects the PeerSpace.NET against unauthorized access by means of a fine-grained policy. The access control is based on authenticated security attributes which identify the sender of entries. To facilitate access control for entries which are sent on behalf of other peers, indirect senders are also identified by their security attributes.


Access control decisions, i.e. granting or denying an operation, involve information about the content of sent entries and may depend on environmental context data. Furthermore, a peer’s security policy can be changed dynamically by the peer owner, and the security administration can also be delegated to other users.


In a nutshell, a security model with a dynamic, content- and context-aware access control, which can also involve indirect senders for its security decision, is created and presented throughout this thesis.

Last update: Feb 2016