Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement

Authors:
Gabriela Gheorghe;Bruno Crispo;Roberto Carbone;Lieven Desmet;Wouter Joosen
Affiliations:
DISI, Università degli Studi di Trento, Italy;DISI, Università degli Studi di Trento, Italy;Security and Trust Unit, FBK, Trento, Italy;IBBT-Distrinet, K.U. Leuven, Leuven, Belgium;IBBT-Distrinet, K.U. Leuven, Leuven, Belgium
Venue:
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Year:
2011

Citing 7
Cited 2

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
An authorization model for temporal and derived data: securing information portals

ACM Transactions on Information and System Security (TISSEC)
A note on the anatomy of federation

BT Technology Journal
Solving Non-Boolean Satisfiability Problems with Stochastic Local Search: A Comparison of Encodings

Journal of Automated Reasoning
Coordinating access control in grid services

Concurrency and Computation: Practice & Experience - Middleware for Grid Computing: Future Trends (MGC2006)
PERMIS: a modular authorization infrastructure

Concurrency and Computation: Practice & Experience - UK e-Science All Hands Meeting 2006
Scalable authorization middleware for service oriented architectures

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems

Toward efficient and confidentiality-aware federation of access control policies

Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing
Introducing concurrency in policy-based access control

Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

For large distributed applications, security and performance are two requirements often difficult to satisfy together. Addressing them separately leads more often to fast systems with security holes, rather than secure systems with poor performance. For instance, caching data needed for security decisions can lead to security violations when the data changes faster than the cache can refresh it. Retrieving such fresh data without caching it impacts performance. In this paper, we analyze a subproblem: how to dynamically configure a distributed authorization system when both security and performance requirements change. We examine data caching, retrieval and correlation, and propose a runtime management tool that, with external input, finds and enacts the customizations that satisfy both security and performance needs. Preliminary results show it takes around two seconds to find customization solutions in a setting with over one thousand authorization components.