An introduction to the design and analysis of fault-tolerant systems
Fault-tolerant computer system design
Towards robust distributed systems (abstract)
Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing
A survey of web caching schemes for the Internet
ACM SIGCOMM Computer Communication Review
Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems
Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
HPDC '03 Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing
An Authorization Scheme For Distributed Object Systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Application Fault Tolerance with Armor Middleware
IEEE Internet Computing
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
CPOL: high-performance policy evaluation
Proceedings of the 12th ACM conference on Computer and communications security
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
Flooding and recycling authorizations
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
The Chubby lock service for loosely-coupled distributed systems
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Authorization recycling in hierarchical RBAC systems
ACM Transactions on Information and System Security (TISSEC)
Risk-based security decisions under uncertainty
Proceedings of the second ACM conference on Data and Application Security and Privacy
Hi-index | 0.00 |
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures-based predominantly on the request-response paradigm-are facing challenges in terms of fragility and poor scalability. We propose an approach where each application server caches previously received authorizations at its secondary decision point and shares them with other application servers to mask authorization server failures and network delays.This paper presents the design of our cooperative secondary authorization recycling system and its evaluation using simulation and prototype implementation. The results demonstrate that our approach improves the availability of authorization infrastructures while preserving their performance characteristics. Specifically, by sharing authorizations, the cache hit rate.an indirect metric of availability.can reach 70%, even when only 10% of authorizations are cached. Depending on the deployment scenario, the performance in terms of the average time for authorizing an application request can be reduced by up to 30%.