SecSpaces: a Data-driven Coordination Model for Environments Open to Untrusted Agent∗

In this paper we initiate an investigation about security problems which occur when exploiting a Linda-like data driven coordination model in an open environment. In this scenario, there is no guarantee that all the agents accessing the shared tuple space are trusted. Starting from the analysis of the few proposals already available in the literature, we present a novel coordination model which provides mechanisms to manage tuple access control. The first mechanism supports logical partitions of the shared repository: in this way we can restrict the access to tuples inside a partition, simply by limiting the access to the partition itself. The second mechanism consists of adding to the tuples some extra information which exploit asymmetric cryptography in order, e.g., to authenticate the producer of a tuple or to identify its reader/consumer. Finally, we support the possibility to define access control policies based on the kind of operations an agent performs on a tuple, thus discriminating between (destructive) input and (non-destructive) read operations.