Cooperative Policy Control for Peer-to-Peer Data Distribution
Many network applications (such as swarming downloads, peer-to-peer video streaming and file sharing) are made possible by using large groups of peers to distribute and process data. Securing data in such a system requires not just data originators, but also those “distributors,” to enforce access control, verify integrity, or make other content-specific security decisions for the replicated or adapted data. In this paper, we introduce the concepts of cooperative policy enforcement and request type checking, and propose an implementation framework Q which uses these approaches to secure data in peer-to-peer systems. The Q framework associates every data object with relocatable policy descriptors which distributors can use to determine whether a request for that object should be granted and whether a data transfer meets a request. With minimal changes to the application or the framework, Q can define and enforce arbitrarily sophisticated policies across a wide range of applications. Policies can be written to work across applications, or to include application-specific criteria and behavior. We will also discuss integrating Q with several peer-to-peer applications, including Gnutella, distributed hash tables such as CAN and Chord, peer-to-peer video streaming, HTTP swarming and application-level routing.