research-article

Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

Authors:

Jan Grashöfer,

Hannes HartensteinAuthors Info & Claims

SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies

Pages 81 - 92

https://doi.org/10.1145/3381991.3395399

Published: 10 June 2020 Publication History

Abstract

The Matrix message-oriented middleware (see https://matrix.org) is gaining momentum as a basis for a decentralized, secure messaging system as shown, for example, by its deployment within the French government and by the Mozilla foundation. Thus, understanding the corresponding access control approach is important. This paper provides an ab- straction and an analysis of the access control approach followed by Matrix. We show that Matrix can be seen as a form of Distributed Ledger Technology (DLT) based on Transaction-based Directed Acyclic Graphs (TDAGs). TDAGs connect individual transactions to form a DAG, instead of collecting transactions in blocks as in blockchains. These TDAGs only provide causal order, eventual consistency, and no finality. However, unlike conventional DLTs, Matrix does not aim for a strict system-wide consensus. Thus, there is also no guarantee for a strict consensus on access rights. By de- composition of the Matrix approach, we show that a sound decen- tralized access control can be implemented for TDAGs in general, and for Matrix in particular, despite those weak guarantees. In ad- dition, we discovered security issues in popular implementations and emphasize the need for a formal verification of the employed conflict resolution mechanism.

References

[1]

Philip A. Bernstein, Vassos Hadzilacos, and Nathan Goodman. 1987. Concurrency Control and Recovery in Database Systems. Addison-Wesley. isbn: 0--201--10715--5.

[2]

Matt Blaze, Joan Feigenbaum, and Jack Lacy. 1996. Decentralized Trust Management. In Proceedings of the 1996 IEEE Conference on Security and Privacy (SP'96). IEEE Computer Society, Oakland, California, 164--173. isbn: 0818674172.

Digital Library

[3]

Eric Brewer. 2012. CAP Twelve Years Later: How the "Rules" Have Changed. Computer, 2, 23--29.

[4]

Eric A Brewer. 2000. Towards robust distributed systems. In PODC. Vol. 7.

[5]

Vitalik Buterin. 2017. The Meaning of Decentralization. (Feb. 6, 2017). https://medium.com/@VitalikButerin/the-meaningof- decentralization-a0c92b76a274.

[6]

Travis Ralston et al. 2019. Room version 2. Retrieved Jan. 31, 2020 from https://matrix.org/docs/spec/rooms/v2.

[7]

Matthew Hodgson. 2019. Matrix in the French State. https: //fosdem.org/2019/schedule/event/matrix_french_state/.

[8]

Matthew Hodgson. 2019. The 2019 Matrix Holiday Update! https://matrix.org/blog/2019/12/24/the- 2019- matrixholiday- update.

[9]

Matthew Hodgson. 2020. The Path to Peer-to-Peer Matrix. https://fosdem.org/2020/schedule/event/dip_p2p_matrix/.

[10]

Mike Hoye. 2019. Synchronous Messaging at Mozilla: The Decision. (Dec. 1, 2019). https://discourse.mozilla.org/t/ synchronous-messaging-at-mozilla-the-decision/.

[11]

Florian Jacob, Jan Grashöfer, and Hannes Hartenstein. 2019. A Glimpse of the Matrix: Scalability issues of a new messageoriented data synchronization middleware. In Proc. ACM 20th Int. Middleware Conference Demos and Posters, 5--6.

Digital Library

[12]

Xin Jin, Ram Krishnan, and Ravi Sandhu. 2012. A unified attribute-based access control model covering DAC, MAC and RBAC. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 41--55.

Digital Library

[13]

Erik Johnston. 2018. State Resolution: Reloaded. https : / / github.com/matrix- org/matrix-doc/blob/server_server/ release-r0.1.3/proposals/1442-state-resolution.md.

[14]

Arthur B Kahn. 1962. Topological sorting of large networks. Communications of the ACM, 5, 11, 558--562.

Digital Library

[15]

Niclas Kannengießer, Sebastian Lins, Tobias Dehling, and Ali Sunyaev. 2019. What Does Not Fit Can be Made to Fit! Trade-offs in Distributed Ledger Technology Designs. In Proceedings of the 52nd Hawaii International Conference on System Sciences.

[16]

Leslie Lamport. 1978. Time, Clocks, and the Ordering of Events in a Distributed System. Communications of the ACM, 21, 7, 558--565.

Digital Library

[17]

Lauri IW Pesonen, David M Eyers, and Jean Bacon. 2007. Access Control in Decentralised Publish/Subscribe Systems. JNW, 2, 2, 57--67.

[18]

Serguei Popov, Olivia Saa, and Paulo Finardi. 2019. Equilibria in the Tangle. Computers & Industrial Engineering, 136.

[19]

Ravi S. Sandhu. 1993. Lattice-based access control models. Computer, 26, 11, 9--19.

Digital Library

[20]

Ravi S. Sandhu. 1996. Role Hierarchies and Constraints for Lattice-Based Access Controls. In ESORICS.

[21]

Ravi S Sandhu, Edward J Coyne, Hal L Feinstein, and Charles E Youman. 1996. Role-based access control models. Computer, 29, 2, 38--47.

Digital Library

[22]

Tomoya Enokido and Makoto Takizawa. 2005. Concurrency control based on significancy on roles. In 11th Int. Conf. on Parallel and Distributed Systems (ICPADS'05). Vol. 1. (July 2005), 196--202.

Digital Library

[23]

Kaiwen Zhang and Hans-Arno Jacobsen. 2018. Towards Dependable, Scalable, and Pervasive Distributed Ledgers with Blockchains. In ICDCS, 1337--1346.

Cited By

Jacob FHartenstein H(2024)Logical Clocks and Monotonicity for Byzantine-Tolerant Replicated Data TypesProceedings of the 11th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3642976.3653034(37-43)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642976.3653034
Jacob FHartenstein HGonzalez Boix ESutra P(2023)On Extend-Only Directed Posets and Derived Byzantine-Tolerant Replicated Data TypesProceedings of the 10th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3578358.3591333(63-69)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3578358.3591333
Bayreuther SJacob FGrotz MKartmann RPeller-Konrad FPaus FHartenstein HAsfour TDietrich SChowdhury OTakabi D(2022)BlueSky: Combining Task Planning and Activity-Centric Access Control for Assistive Humanoid RobotsProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535018(185-194)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535018
Show More Cited By

Index Terms

Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

Recommendations

Rational Krylov: A Practical Algorithm for Large Sparse Nonsymmetric Matrix Pencils

The rational Krylov algorithm computes eigenvalues and eigenvectors of a regular not necessarily symmetric matrix pencil. It is a generalization of the shifted and inverted Arnoldi algorithm, where several factorizations with different shifts are used in ...
Orthogonal matrix and its application in Bloom's threshold scheme

Applying the Gram---Schmidt process (also called Gram---Schmidt orthogonalization) to a matrix $$M\in GL(n, {\mathbb {R}})$$M GL(n,R), set of $$n\times n$$n n invertible matrices over the field of real numbers, with the usual inner product gives easily ...
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies

June 2020

234 pages

ISBN:9781450375689

DOI:10.1145/3381991

General Chair:
Jorge Lobo
ICREA & Universitat Pompeu Fabra, Spain
,
Program Chairs:
Scott D. Stoller
Stony Brook University, USA
,
Peng Liu
Penn State University, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 June 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '20

Sponsor:

SIGSAC

SACMAT '20: The 25th ACM Symposium on Access Control Models and Technologies

June 10 - 12, 2020

Barcelona, Spain

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
554
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)3

Reflects downloads up to 24 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jacob FHartenstein H(2024)Logical Clocks and Monotonicity for Byzantine-Tolerant Replicated Data TypesProceedings of the 11th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3642976.3653034(37-43)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642976.3653034
Jacob FHartenstein HGonzalez Boix ESutra P(2023)On Extend-Only Directed Posets and Derived Byzantine-Tolerant Replicated Data TypesProceedings of the 10th Workshop on Principles and Practice of Consistency for Distributed Data10.1145/3578358.3591333(63-69)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3578358.3591333
Bayreuther SJacob FGrotz MKartmann RPeller-Konrad FPaus FHartenstein HAsfour TDietrich SChowdhury OTakabi D(2022)BlueSky: Combining Task Planning and Activity-Centric Access Control for Assistive Humanoid RobotsProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535018(185-194)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535018
Penelova M(2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
https://dl.acm.org/doi/10.2478/cait-2021-0044
Weidner MKleppmann MHugenroth DBeresford AKim YKim JVigna GShi E(2021)Key Agreement for Decentralized Secure Group Messaging with Strong Security GuaranteesProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484542(2024-2045)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484542
Jacob FBeer CHenze NHartenstein H(2021)Analysis of the Matrix Event Graph Replicated Data TypeIEEE Access10.1109/ACCESS.2021.30585769(28317-28333)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3058576

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents