An introduction to the design and analysis of fault-tolerant systems
Fault-tolerant computer system design
Proceedings of the Fifth International Conference on Data Engineering
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
Improving the Scalability of Fault-Tolerant Database Clusters
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Algorithms
Administering permissions for distributed data: factoring and automated inference
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Application Fault Tolerance with Armor Middleware
IEEE Internet Computing
CPOL: high-performance policy evaluation
Proceedings of the 12th ACM conference on Computer and communications security
An authorization framework for sharing data in web service federations
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Cooperative secondary authorization recycling
Proceedings of the 16th international symposium on High performance distributed computing
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Access control caching strategies: an empirical evaluation
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Cue: a framework for generating meaningful feedback in XACML
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
An authorization framework resilient to policy evaluation failures
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Authorization recycling in hierarchical RBAC systems
ACM Transactions on Information and System Security (TISSEC)
Towards high performance security policy evaluation
The Journal of Supercomputing
Risk-based security decisions under uncertainty
Proceedings of the second ACM conference on Data and Application Security and Privacy
Idea: efficient evaluation of access control constraints
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
| Hi-index | 0.00 |
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the notions of primary vs. secondary and precise vs. approximate authorizations. Approximate authorization responses are inferred from cached primary responses, and therefore provide an alternative source of access control decisions in the event that the authorization server is unavailable or slow. The ability to compute approximate authorizations improves the reliability and performance of access control sub-systems and ultimately the application systems themselves.The operation of a system that employs SAAM depends on the type of access control policy it implements. We propose and analyze algorithms for computing secondary authorizations in the case of policies based on the Bell-LaPadula model. In this context, we define a dominance graph, and describe its construction and usage for generating secondary responses to authorization requests. Preliminary results of evaluating SAAM BLP algorithms demonstrate a 30% increase in the number of authorization requests that can be served without consulting access control policies.