Flooding and recycling authorizations

Authors:
Konstantin (Kosta) Beznosov
Affiliations:
University of British Columbia, Vancouver, Canada
Venue:
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Year:
2005

Citing 9
Cited 3

Computer architecture (2nd ed.): a quantitative approach

Computer architecture (2nd ed.): a quantitative approach
An Access Authorization Model for Relational Databases Based on Algebraic Manipulation of View Definitions

Proceedings of the Fifth International Conference on Data Engineering
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Access control with IBM Tivoli access manager

ACM Transactions on Information and System Security (TISSEC)
A Resource Access Decision Service for CORBA-Based Distributed Systems

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Administering permissions for distributed data: factoring and automated inference

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Extending query rewriting techniques for fine-grained access control

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
World-wide web cache consistency

ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference

Cooperative secondary authorization recycling

Proceedings of the 16th international symposium on High performance distributed computing
Authorization recycling in RBAC systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Authorization recycling in hierarchical RBAC systems

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and inefficient solutions. They also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes leveraging publish-subscribe architectures for increased reliability and efficiency by flooding delivery channels with speculatively pre-computed authorizations and actively recycling them on a just-in-time basis.