Evaluating distributed xacml policies
Proceedings of the 2007 ACM workshop on Secure web services
Xengine: a fast and scalable XACML policy evaluation engine
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Concurrent Enforcement of Usage Control Policies
POLICY '08 Proceedings of the 2008 IEEE Workshop on Policies for Distributed Systems and Networks
Performance evaluation of XACML PDP implementations
Proceedings of the 2008 ACM workshop on Secure web services
Analyzing Computer System Performance with Perl: PDQ
Analyzing Computer System Performance with Perl: PDQ
Idea: efficient evaluation of access control constraints
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
A unified attribute-based access control model covering DAC, MAC and RBAC
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Toward efficient and confidentiality-aware federation of access control policies
Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing
| Hi-index | 0.00 |
Policy-based access control aims to decouple access control rules from the application they constrain by expressing these rules in declarative access control policies. Performance of policy-based access control is of growing importance, but concurrent and distributed policy evaluation has received little research attention and current policy evaluation engines are still single-machine and fully sequential to the best of our knowledge. We believe that concurrent policy evaluation is necessary to meet the performance and scalability requirements of next-generation internet applications and aid the maturation of policy-based access control. Therefore, this paper presents an initial exploration of concurrent policy evaluation. We illustrate the performance of current policy evaluation engines, model the performance of policy evaluation in terms of the characteristics of a policy, list opportunities for concurrency, describe the need for concurrency control and specifically show how concurrency can be used to improve throughput based on our prototype.