Access Control for Weakly Consistent Replicated Information Systems.

Access control is an important aspect of information systems. It manages and enforces the rules that govern the access of users and applications to the data. In general, both data objects and access rules are subject to change over time, e.g., one might withdraw the right of a user to access a certain data object. In this paper, we present a new access control model for weakly consistent replicated information systems. Such systems are engineered to be partition-tolerant and higher available than strongly consistent systems - an important aspect in a networked world with mobile devices. In particular, they allow concurrent updates to different replicas and do not enforce serializability of operations. However, this relaxation of consistency threatens access control. If we withdraw the right of a user to access data object o at one replica and then modify o, the user should not be able to see this modification by accessing o on a second replica (information leakage). Our access control model targets eventually consistent data stores. It avoids information leakage and unauthorized modifications. Furthermore, it guarantees that modifications to the access rules initiated on different replicas eventually converge. Our model allows in particular to implement access-matrix based models such as the read-write-own model employed in file systems. In this paper, we define the model in an abstract way, explain its correctness properties, and describe how it can be efficiently implemented in state-of-the-art weakly consistent data stores.