SAP R/3 business blueprint: understanding the business process reference model
SAP R/3 business blueprint: understanding the business process reference model
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Usability Engineering
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
A case study in access control requirements for a Health Information System
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
ARC: A Self-Tuning, Low Overhead Replacement Cache
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
CPOL: high-performance policy evaluation
Proceedings of the 12th ACM conference on Computer and communications security
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
An evaluation of buffer management strategies for relational database systems
VLDB '85 Proceedings of the 11th international conference on Very Large Data Bases - Volume 11
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Performance evaluation of XACML PDP implementations
Proceedings of the 2008 ACM workshop on Secure web services
ProActive Access Control for Business Process-Driven Environments
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
ProActive Caching: Generating Caching Heuristics for Business Process Environments
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
| Hi-index | 0.00 |
Modern enterprise systems comprise a fine-grained enforcement of complex access control policies. Consequently, the efficient evaluation of security policies is a significant factor for the overall system performance. Moreover, modern enterprise systems are inherently based on process and workflow models. These models enable new approaches for improving the performance of security evaluations. Caching is widely used for improving the performance and the reliability of systems. The dynamic nature of today's workflow systems, both in terms of changing workflows and in terms of dynamic security policies impose particular challenges on the caching of access control decisions. We present a caching strategy that exploits business process models for avoiding cache misses. Moreover, we provide a detailed performance analysis of different caching strategies for static and dynamic aspects of access control policies, providing the required metrics for informed design decisions.