Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
A simple implementation and performance evaluation extended-role based access control
SEPADS'05 Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems
Xengine: a fast and scalable XACML policy evaluation engine
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
ProActive Access Control for Business Process-Driven Environments
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Hi-index | 0.01 |
Users expect that systems react instantly. This is specifically the case for user-centric workflows running in multi-layered enterprise system landscapes which demand finegrained access control mechanisms and support for dynamic security policies. Thus, efficient evaluation of security policies becomes an important factor for the overall system performance. Caching approaches may help to address this issue. In previous work we introduced ProActive Caching as an approach that consists of two phases: first, in an online phase, we automatically determine a workflow-specific heuristic for pre-computing and caching access decisions during a process execution. Second, in an online phase, we use the determined heuristic for the cache management. Hence, ProActive Caching provides a framework which is able to pre-compute access decisions based on an offline analysis of the system. In this paper we present a demonstrator for this framework. It comprises a tool for generating the workflow-specific heuristics, as well as a ProActive Caching enabled business process system which uses the generated heuristics for pre-computing access decisions during process execution. An additional performance monitor shows the performance increase of the system.