A trusted decentralized access control framework for the client/server architecture

This paper proposes a trusted decentralized access control (TDAC) framework for the client/server architecture. As the fundamental principle, TDAC enforces access control policies at the client side and protects sensitive objects at the server side by leveraging trusted computing technologies. Compared with the previous work of Sandhu and Zhang (2005), TDAC uses fewer requirements for trusted components. To implement TDAC, we design a private trusted reference monitor that runs at the client side, evaluates an access control request, and signs a temporary access control credential for a client application trustworthily; we also design a master reference monitor that runs at the server side, evaluates the request from the client application only according to the temporary access control credential. As a typical application, TDAC can protect client's private context data in subject-context aware access control.