Maximizing local autonomy by delegating functionality to end nodes when possible (the end-to-end design principle) has led to a scalable Internet. Scalability and the capacity for distributed control have unfortunately not extended well to resource access-control policies and mechanisms. Yet management of security is becoming an increasingly challenging problem, in no small part due to the scaling up of measures such as the number of users, protocols, applications, network elements, topological constraints, and functionality expectations. In this article, we discuss scalability challenges for traditional access-control mechanisms at the architectural level and present a set of fundamental requirements for authorization services in large-scale networks. We show why existing mechanisms fail to meet these requirements and investigate the current design options for a scalable access-control architecture. We argue that the key design options to achieve scalability are the choice of the representation of access-control policy, the distribution mechanism for policy, and the choice of the access-rights revocation scheme. Although these ideas have been considered in the past, access-control systems currently in use continue to rely on simpler but restrictive architectural models. With this article, we hope to influence the design of future access-control systems towards more decentralized and scalable mechanisms.