Policy Enforcement in Distributed Environments
In scenarios in which several participants with different properties operate on a common database, the need for (automated) policy enforcement can arise. Enforcing access rights can be especially challenging in scenarios without a central governing instance.
This project developed a concept for automated enforcement of access policies in distributed systems. No central authority is responsible for this task; instead, participants can autonomously ensure that recipients of outgoing data can only perform explicitly permitted operations on these data. Naturally, accurate policy evaluation is key. Therefore, correct policy enforcement should be guaranteed with high certainty, and possible misconduct in the context of the policy evaluation process should be detectable and tolerable to a certain extent – all without resulting in access violations.
The concept developed in this project allows for decentralised enforcement of access policies, such that data can be encrypted, stored publicly, and access controls can be implemented without the creator of this data being involved in access, policy evaluation or enforcement processes. The foundation for this is a peer-to-peer network combined with secret sharing. The proposed concept was also designed with regard to distributed computing. In essence, the presented system is not tied to a specific scenario and can therefore be used both in distributed systems with a common database and, for example, in the context of traditional cloud storage services.
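The following is an added example, not the project's own code, showing how secret sharing across peers can enforce a policy without the data creator and tolerate some misbehaving peers. It assumes Shamir k-of-n threshold sharing of the data key and peers that each evaluate the policy independently; the scheme, the field size, and the names `Peer` and `access` are assumptions, since the page only names "secret sharing".

```python
import secrets

P = 2**127 - 1  # prime field for the shares (assumed parameter)

def split(secret, k, n):
    """Split secret into n Shamir shares; any k of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Recover the secret by Lagrange interpolation at x = 0."""
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class Peer:
    """Hypothetical peer: holds one key share and a copy of the access policy."""
    def __init__(self, share, policy, honest=True):
        self.share, self.policy, self.honest = share, policy, honest

    def request(self, subject, operation):
        allowed = operation in self.policy.get(subject, set())
        if not self.honest:
            allowed = not allowed       # fault model: peer inverts its decision
        return self.share if allowed else None

def access(peers, subject, operation, k):
    """The data key is recoverable only if at least k peers release a share."""
    released = [s for p in peers
                if (s := p.request(subject, operation)) is not None]
    return combine(released[:k]) if len(released) >= k else None

if __name__ == "__main__":
    key = secrets.randbelow(P)                      # constructed data key
    policy = {"alice": {"read"}}                    # constructed policy
    peers = [Peer(s, policy, honest=(i >= 2))       # 2 of 5 peers misbehave
             for i, s in enumerate(split(key, 3, 5))]
    print(access(peers, "alice", "read", 3) == key, access(peers, "alice", "write", 3))
```

With threshold k and n peers, this arrangement tolerates up to min(k - 1, n - k) misbehaving peers: fewer than k cannot release the key on their own, and at least k honest peers remain to serve permitted requests.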