
To the Best of Knowledge and Belief: On Eventually Consistent Access Control

Jacob, Florian 1; Hartenstein, Hannes 1
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)

Abstract:

We are used to the conventional model of linearizable access control (LAC), implemented by a trusted central entity or by a set of distributed entities that coordinate to mimic a central entity.
The strength of LAC is rooted in the dependencies among entities, at the cost of reduced availability, scalability, and resilience under faults.
Systems that cannot afford dependencies among entities, like the ones based on conflict-free replicated data types (CRDTs), must break with the LAC convention, but gain fundamental advantages in availability, scalability, and resilience.
In this paper, we formalize eventually consistent access control (ECAC), which replaces up-front coordination with subsequent reconciliation, and study its theoretical guarantees in a Byzantine environment using the practical example of Matrix, a CRDT-based group communication system.
Our core finding is that ECAC implies authorization to the best of knowledge and belief: an entity stores an action only if the action is authorized by immutable knowledge derived from its final set of preceding actions, and executes an action only if it is also authorized by the entity's mutable beliefs derived from the grow-only set of concurrent actions.


DOI: 10.5445/IR/1000182337
Published on: 13.06.2025
Affiliated institution(s) at KIT: Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Publication type: Proceedings paper
Publication date: 04.06.2025
Language: English
Identifier: ISBN 979-8-4007-1476-4
KITopen-ID: 1000182337
HGF program: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Published in: Proceedings of the 15th ACM Conference on Data and Application Security and Privacy
Event: 15th Association for Computing Machinery Conference on Data and Application Security and Privacy (ACM CODASPY 2025), Pittsburgh, PA, USA, 04.06.2025 – 06.06.2025
Publisher: Association for Computing Machinery (ACM)
Pages: 107–118
Published online in advance on: 16.12.2024
Indexed in: Scopus, Dimensions, OpenAlex