Duplication Problem in Treaty systems: Causes and Solutions


Yining Zhao, Alan Wood




Capabilities are a more scalable and adaptive access control approach compared with the conventional approaches such as ACLs, due to their being held and managed by users or agents in systems, but not the middleware. This feature makes capabilities more suitable in distributed environments that have dynamic populations. Treaties have been proposed to enhance the capability approach by introducing sequences of actions, such that treaties can capture characteristics of behaviours, and provide finer control over accesses. However there is a new problem brought by the behaviour modeling of treaties which is called duplication problem, which concerns preventing users from gaining unauthorized behaviour by duplicating treaties. In this paper we provide the formal definitions of treaty operations, and discuss the causes of the duplication problem, and how treaty operations can affect this. We also propose three models of treaty systems that aim to solve the duplication problem, and evaluating their performance and scalability.