Providing location information in a ubiquitous computing environment (panel session)
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Oporto: A Realistic Scenario Generator for Moving Objects
Geoinformatica
A Framework for Generating Network-Based Moving Objects
Geoinformatica
On the Generation of Spatiotemporal Datasets
SSD '99 Proceedings of the 6th International Symposium on Advances in Spatial Databases
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Spatial queries in dynamic environments
ACM Transactions on Database Systems (TODS)
An architecture for privacy-sensitive ubiquitous computing
Proceedings of the 2nd international conference on Mobile systems, applications, and services
SINA: scalable incremental processing of continuous queries in spatio-temporal databases
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Traust: a trust negotiation-based authorization service for open systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
Cooperative secondary authorization recycling
Proceedings of the 16th international symposium on High performance distributed computing
The Traust Authorization Service
ACM Transactions on Information and System Security (TISSEC)
Towards an efficient and language-agnostic compliance checker for trust negotiation systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
The ProD framework for proactive displays
Proceedings of the 21st annual ACM symposium on User interface software and technology
Efficient access enforcement in distributed role-based access control (RBAC) deployments
Proceedings of the 14th ACM symposium on Access control models and technologies
Proceedings of the VLDB Endowment
Effective trust management through a hybrid logical and relational approach
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Access control caching strategies: an empirical evaluation
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Attribute-Based Messaging: Access Control and Confidentiality
ACM Transactions on Information and System Security (TISSEC)
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)
Proceedings of the first ACM conference on Data and application security and privacy
Authorization recycling in hierarchical RBAC systems
ACM Transactions on Information and System Security (TISSEC)
Survey Paper: A survey on policy languages in network and security management
Computer Networks: The International Journal of Computer and Telecommunications Networking
Towards high performance security policy evaluation
The Journal of Supercomputing
Risk-based security decisions under uncertainty
Proceedings of the second ACM conference on Data and Application Security and Privacy
Hi-index | 0.00 |
Policy enforcement is an integral part of many applications. Policies are often used to control access to sensitive information. Current policy specification languages give users fine-grained control over when and how information can be accessed, and are flexible enough to be used in a variety of applications. Evaluation of these policies, however, is not optimized for performance. Emerging applications, such as real-time enforcement of privacy policies in a sensor network or location-aware computing environment, require high throughput. Our experiments indicate that current policy enforcement solutions are unable to deliver the level of performance needed for such systems, and limit their overall scalability. To deal with the need for high-throughput evaluation, we propose CPOL, a flexible C++ framework for policy evaluation. CPOL is designed to evaluate policies as efficiently as possible, and still maintain a level of expressiveness comparable to current policy languages. CPOL achieves its performance goals by efficiently evaluating policies and caching query results (while still preserving correctness). To evaluate CPOL, we ran a simulated workload of users making privacy queries in a location-sensing infrastructure. CPOL was able to handle policy evaluation requests two to six orders of magnitude faster than a MySql implementation and an existing policy evaluation system. We present the design and implementation of CPOL, a high-performance policy evaluation engine, along with our testing methodology and experimental results.