Abstract
In addition to basic security services such as confidentiality,
integrity and data source authentication, a secure group
communication system should also provide authentication
of participants and access control to group resources. While
considerable research has been conducted on providing
confidentiality and integrity for group communication, less
work has focused on group access control services. In the
context of group communication, specifying and enforcing
access control becomes more challenging because of the
dynamic and distributed nature of groups and the fault
tolerance issues (i.e., withstanding process faults and
network partitions).
In this paper we analyze the requirements access control
mechanisms must fulfill in the context of group communication
and define a framework for supporting fine-grained access
control in client-server group communication systems.
Our framework combines role-based access control mechanisms
with environment parameters (time, IP address, etc.) to provide
policy support for a wide range of applications with very different
requirements. While policy is defined by the application, its efficient
enforcement is provided by the group communication system.
%We discuss how such a framework addresses the unique needs
%of group communication systems and can be supported and
%enforced in an efficient manner in Spread, a publicly available
%group communication system.