2 resultados para Key-value store
em Duke University
Resumo:
Secure Access For Everyone (SAFE), is an integrated system for managing trust
using a logic-based declarative language. Logical trust systems authorize each
request by constructing a proof from a context---a set of authenticated logic
statements representing credentials and policies issued by various principals
in a networked system. A key barrier to practical use of logical trust systems
is the problem of managing proof contexts: identifying, validating, and
assembling the credentials and policies that are relevant to each trust
decision.
SAFE addresses this challenge by (i) proposing a distributed authenticated data
repository for storing the credentials and policies; (ii) introducing a
programmable credential discovery and assembly layer that generates the
appropriate tailored context for a given request. The authenticated data
repository is built upon a scalable key-value store with its contents named by
secure identifiers and certified by the issuing principal. The SAFE language
provides scripting primitives to generate and organize logic sets representing
credentials and policies, materialize the logic sets as certificates, and link
them to reflect delegation patterns in the application. The authorizer fetches
the logic sets on demand, then validates and caches them locally for further
use. Upon each request, the authorizer constructs the tailored proof context
and provides it to the SAFE inference for certified validation.
Delegation-driven credential linking with certified data distribution provides
flexible and dynamic policy control enabling security and trust infrastructure
to be agile, while addressing the perennial problems related to today's
certificate infrastructure: automated credential discovery, scalable
revocation, and issuing credentials without relying on centralized authority.
We envision SAFE as a new foundation for building secure network systems. We
used SAFE to build secure services based on case studies drawn from practice:
(i) a secure name service resolver similar to DNS that resolves a name across
multi-domain federated systems; (ii) a secure proxy shim to delegate access
control decisions in a key-value store; (iii) an authorization module for a
networked infrastructure-as-a-service system with a federated trust structure
(NSF GENI initiative); and (iv) a secure cooperative data analytics service
that adheres to individual secrecy constraints while disclosing the data. We
present empirical evaluation based on these case studies and demonstrate that
SAFE supports a wide range of applications with low overhead.
Resumo:
The first edition of Global Value Chain Analysis: A Primer was released five years ago (May 2011) in order to provide an overview of the key concepts and methodological tools used by Duke University’s Center on Globalization, Governance & Competitiveness (Duke CGGC) a university-based research center that focuses on innovative applications of the GVC framework, which was developed by Duke CGGC’s founding director, Gary Gereffi. The Second Edition of Global Value Chain Analysis: A Primer (July 2016) retains a simple, expository style and use of recent research examples in order to offer an entry point for those wishing to better understand and use the GVC framework as a tool to analyze how local actors (firms, communities, workers) are linked to and affected by major transformations in the global economy. The GVC framework focuses on structural shifts in global industries, anchored by the core concepts of governance and upgrading. This Second Edition highlights some of the refinements in these concepts, and introduces a number of new illustrations drawing from recent Duke CGGC research. The bibliography offers a sampling of the broad array of studies available on the Duke CGGC website and in related academic publications. We hope this work stimulates continued interest in and use of the GVC framework as a tool to promote more dynamic, inclusive and sustainable development outcomes for all economies and the local actors within them.
