Role-Based Access Control Models
Computer
An introduction to the design and analysis of fault-tolerant systems
Fault-tolerant computer system design
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proceedings of the Fifth International Conference on Data Engineering
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
Administering permissions for distributed data: factoring and automated inference
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
An Authorization Scheme For Distributed Object Systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Application Fault Tolerance with Armor Middleware
IEEE Internet Computing
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
CPOL: high-performance policy evaluation
Proceedings of the 12th ACM conference on Computer and communications security
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
Flooding and recycling authorizations
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
Cooperative secondary authorization recycling
Proceedings of the 16th international symposium on High performance distributed computing
Efficient access enforcement in distributed role-based access control (RBAC) deployments
Proceedings of the 14th ACM symposium on Access control models and technologies
ProActive caching: a framework for performance optimized access control evaluations
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Access control caching strategies: an empirical evaluation
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)
Proceedings of the first ACM conference on Data and application security and privacy
Towards high performance security policy evaluation
The Journal of Supercomputing
Risk-based security decisions under uncertainty
Proceedings of the second ACM conference on Data and Application Security and Privacy
Introducing concurrency in policy-based access control
Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing
| Hi-index | 0.01 |
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.