Role-Based Access Control Models
Computer
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Customizable middleware for modular distributed software
Communications of the ACM
Proceedings of the Fifth International Conference on Data Engineering
A Review of the SESAME Development
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
Administering permissions for distributed data: factoring and automated inference
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
An Authorization Scheme For Distributed Object Systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Characterizing the query behavior in peer-to-peer file sharing systems
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Application Fault Tolerance with Armor Middleware
IEEE Internet Computing
CPOL: high-performance policy evaluation
Proceedings of the 12th ACM conference on Computer and communications security
Static and Dynamic Weaving in System Software with AspectC++
HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 09
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
Flooding and recycling authorizations
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
Cooperative secondary authorization recycling
Proceedings of the 16th international symposium on High performance distributed computing
Efficient access enforcement in distributed role-based access control (RBAC) deployments
Proceedings of the 14th ACM symposium on Access control models and technologies
Hi-index | 0.00 |
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the reuse of previous authorization decisions, is one technique that has been used to address these challenges. This article introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed-access control mechanisms.