skip to main content
10.1145/3381991.3395399acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

Published: 10 June 2020 Publication History

Abstract

The Matrix message-oriented middleware (see https://matrix.org) is gaining momentum as a basis for a decentralized, secure messaging system as shown, for example, by its deployment within the French government and by the Mozilla foundation. Thus, understanding the corresponding access control approach is important. This paper provides an ab- straction and an analysis of the access control approach followed by Matrix. We show that Matrix can be seen as a form of Distributed Ledger Technology (DLT) based on Transaction-based Directed Acyclic Graphs (TDAGs). TDAGs connect individual transactions to form a DAG, instead of collecting transactions in blocks as in blockchains. These TDAGs only provide causal order, eventual consistency, and no finality. However, unlike conventional DLTs, Matrix does not aim for a strict system-wide consensus. Thus, there is also no guarantee for a strict consensus on access rights. By de- composition of the Matrix approach, we show that a sound decen- tralized access control can be implemented for TDAGs in general, and for Matrix in particular, despite those weak guarantees. In ad- dition, we discovered security issues in popular implementations and emphasize the need for a formal verification of the employed conflict resolution mechanism.

References

[1]
Philip A. Bernstein, Vassos Hadzilacos, and Nathan Goodman. 1987. Concurrency Control and Recovery in Database Systems. Addison-Wesley. isbn: 0--201--10715--5.
[2]
Matt Blaze, Joan Feigenbaum, and Jack Lacy. 1996. Decentralized Trust Management. In Proceedings of the 1996 IEEE Conference on Security and Privacy (SP'96). IEEE Computer Society, Oakland, California, 164--173. isbn: 0818674172.
[3]
Eric Brewer. 2012. CAP Twelve Years Later: How the "Rules" Have Changed. Computer, 2, 23--29.
[4]
Eric A Brewer. 2000. Towards robust distributed systems. In PODC. Vol. 7.
[5]
Vitalik Buterin. 2017. The Meaning of Decentralization. (Feb. 6, 2017). https://medium.com/@VitalikButerin/the-meaningof- decentralization-a0c92b76a274.
[6]
Travis Ralston et al. 2019. Room version 2. Retrieved Jan. 31, 2020 from https://matrix.org/docs/spec/rooms/v2.
[7]
Matthew Hodgson. 2019. Matrix in the French State. https: //fosdem.org/2019/schedule/event/matrix_french_state/.
[8]
Matthew Hodgson. 2019. The 2019 Matrix Holiday Update! https://matrix.org/blog/2019/12/24/the- 2019- matrixholiday- update.
[9]
Matthew Hodgson. 2020. The Path to Peer-to-Peer Matrix. https://fosdem.org/2020/schedule/event/dip_p2p_matrix/.
[10]
Mike Hoye. 2019. Synchronous Messaging at Mozilla: The Decision. (Dec. 1, 2019). https://discourse.mozilla.org/t/ synchronous-messaging-at-mozilla-the-decision/.
[11]
Florian Jacob, Jan Grashöfer, and Hannes Hartenstein. 2019. A Glimpse of the Matrix: Scalability issues of a new messageoriented data synchronization middleware. In Proc. ACM 20th Int. Middleware Conference Demos and Posters, 5--6.
[12]
Xin Jin, Ram Krishnan, and Ravi Sandhu. 2012. A unified attribute-based access control model covering DAC, MAC and RBAC. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 41--55.
[13]
Erik Johnston. 2018. State Resolution: Reloaded. https : / / github.com/matrix- org/matrix-doc/blob/server_server/ release-r0.1.3/proposals/1442-state-resolution.md.
[14]
Arthur B Kahn. 1962. Topological sorting of large networks. Communications of the ACM, 5, 11, 558--562.
[15]
Niclas Kannengießer, Sebastian Lins, Tobias Dehling, and Ali Sunyaev. 2019. What Does Not Fit Can be Made to Fit! Trade-offs in Distributed Ledger Technology Designs. In Proceedings of the 52nd Hawaii International Conference on System Sciences.
[16]
Leslie Lamport. 1978. Time, Clocks, and the Ordering of Events in a Distributed System. Communications of the ACM, 21, 7, 558--565.
[17]
Lauri IW Pesonen, David M Eyers, and Jean Bacon. 2007. Access Control in Decentralised Publish/Subscribe Systems. JNW, 2, 2, 57--67.
[18]
Serguei Popov, Olivia Saa, and Paulo Finardi. 2019. Equilibria in the Tangle. Computers & Industrial Engineering, 136.
[19]
Ravi S. Sandhu. 1993. Lattice-based access control models. Computer, 26, 11, 9--19.
[20]
Ravi S. Sandhu. 1996. Role Hierarchies and Constraints for Lattice-Based Access Controls. In ESORICS.
[21]
Ravi S Sandhu, Edward J Coyne, Hal L Feinstein, and Charles E Youman. 1996. Role-based access control models. Computer, 29, 2, 38--47.
[22]
Tomoya Enokido and Makoto Takizawa. 2005. Concurrency control based on significancy on roles. In 11th Int. Conf. on Parallel and Distributed Systems (ICPADS'05). Vol. 1. (July 2005), 196--202.
[23]
Kaiwen Zhang and Hans-Arno Jacobsen. 2018. Towards Dependable, Scalable, and Pervasive Distributed Ledgers with Blockchains. In ICDCS, 1337--1346.

Cited By

View all
  • (2024)Logical Clocks and Monotonicity for Byzantine-Tolerant Replicated Data TypesProceedings of the 11th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3642976.3653034(37-43)Online publication date: 22-Apr-2024
  • (2023)On Extend-Only Directed Posets and Derived Byzantine-Tolerant Replicated Data TypesProceedings of the 10th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3578358.3591333(63-69)Online publication date: 8-May-2023
  • (2022)BlueSky: Combining Task Planning and Activity-Centric Access Control for Assistive Humanoid RobotsProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535018(185-194)Online publication date: 7-Jun-2022
  • Show More Cited By

Index Terms

  1. Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

                        Recommendations

                        Comments

                        Information & Contributors

                        Information

                        Published In

                        cover image ACM Conferences
                        SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
                        June 2020
                        234 pages
                        ISBN:9781450375689
                        DOI:10.1145/3381991
                        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

                        Sponsors

                        Publisher

                        Association for Computing Machinery

                        New York, NY, United States

                        Publication History

                        Published: 10 June 2020

                        Permissions

                        Request permissions for this article.

                        Check for updates

                        Author Tags

                        1. access control
                        2. decentralized
                        3. distributed ledger technology
                        4. matrix
                        5. policy information
                        6. publish-subscribe
                        7. transaction-based directed acyclic graphs

                        Qualifiers

                        • Research-article

                        Conference

                        SACMAT '20
                        Sponsor:

                        Acceptance Rates

                        Overall Acceptance Rate 177 of 597 submissions, 30%

                        Contributors

                        Other Metrics

                        Bibliometrics & Citations

                        Bibliometrics

                        Article Metrics

                        • Downloads (Last 12 months)49
                        • Downloads (Last 6 weeks)3
                        Reflects downloads up to 24 Sep 2024

                        Other Metrics

                        Citations

                        Cited By

                        View all
                        • (2024)Logical Clocks and Monotonicity for Byzantine-Tolerant Replicated Data TypesProceedings of the 11th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3642976.3653034(37-43)Online publication date: 22-Apr-2024
                        • (2023)On Extend-Only Directed Posets and Derived Byzantine-Tolerant Replicated Data TypesProceedings of the 10th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3578358.3591333(63-69)Online publication date: 8-May-2023
                        • (2022)BlueSky: Combining Task Planning and Activity-Centric Access Control for Assistive Humanoid RobotsProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535018(185-194)Online publication date: 7-Jun-2022
                        • (2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
                        • (2021)Key Agreement for Decentralized Secure Group Messaging with Strong Security GuaranteesProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484542(2024-2045)Online publication date: 12-Nov-2021
                        • (2021)Analysis of the Matrix Event Graph Replicated Data TypeIEEE Access10.1109/ACCESS.2021.30585769(28317-28333)Online publication date: 2021

                        View Options

                        Get Access

                        Login options

                        View options

                        PDF

                        View or Download as a PDF file.

                        PDF

                        eReader

                        View online with eReader.

                        eReader

                        Media

                        Figures

                        Other

                        Tables

                        Share

                        Share

                        Share this Publication link

                        Share on social media