Authorization Recycling in RBAC Systems

被引:0
|
作者
Wei, Qiang [1 ]
Beznosov, Konstantin [1 ]
Crampton, Jason
Ripeanu, Matei [1 ]
机构
[1] Univ British Columbia, LERSSE, Vancouver, BC V5Z 1M9, Canada
来源
SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2008年
关键词
SAAM; RBAC; access control; authorization recycling;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.
引用
收藏
页码:63 / 72
页数:10
相关论文
共 50 条
  • [1] Authorization Recycling in Hierarchical RBAC Systems
    Wei, Qiang
    Crampton, Jason
    Beznosov, Konstantin
    Ripeanu, Matei
    ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2011, 14 (01)
  • [2] An Efficient Framework for User Authorization Queries in RBAC Systems
    Wickramaarachchi, Guneshi T.
    Qardaji, Wahbeh H.
    Li, Ninghui
    SACMAT'09: PROCEEDINGS OF THE 14TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2009, : 23 - 31
  • [3] Authorization constraints specification of RBAC
    Han, Lilong
    Liu, Qingtan
    Yang, Zongkai
    INFORMATION SECURITY APPLICATIONS, 2007, 4867 : 266 - 276
  • [4] Supporting user authorization queries in RBAC systems by role-permission reassignment
    Lu, Jianfeng
    Xin, Yun
    Zhang, Zhao
    Peng, Hao
    Han, Jianmin
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2018, 88 : 707 - 717
  • [5] Enable delegation for RBAC with Secure Authorization Certificate
    Zhou, GuangXu
    Demirer, Murat
    Bayrak, Coskun
    Wang, Licheng
    COMPUTERS & SECURITY, 2011, 30 (08) : 780 - 790
  • [6] Design and Implementation of Authorization System Based on RBAC
    Li, Furong
    Wu, Haitao
    2015 7TH INTERNATIONAL CONFERENCE ON INTELLIGENT HUMAN-MACHINE SYSTEMS AND CYBERNETICS IHMSC 2015, VOL I, 2015, : 502 - 504
  • [7] A Family of RBAC-Based Workflow Authorization Models
    HONG Fan
    WuhanUniversityJournalofNaturalSciences, 2005, (01) : 324 - 328
  • [8] Active Authorization Rules for Enforcing RBAC with Spatial Characteristics
    Tang, Zhu
    Ju, Shiguang
    Chen, Weihe
    ISCSCT 2008: INTERNATIONAL SYMPOSIUM ON COMPUTER SCIENCE AND COMPUTATIONAL TECHNOLOGY, VOL 2, PROCEEDINGS, 2008, : 632 - 636
  • [9] Implementation of the Authorization Management with RBAC in the Usage Control Model
    Cai, Hui
    Li, Peiwu
    PROCEEDINGS OF INTERNATIONAL SYMPOSIUM ON COMPUTER SCIENCE AND COMPUTATIONAL TECHNOLOGY (ISCSCT 2009), 2009, : 179 - 182
  • [10] Safety and Availability Checking for User Authorization Queries in RBAC
    Jian-feng Lu
    Jian-min Han
    Wei Chen
    Jin-Wei Hu
    International Journal of Computational Intelligence Systems, 2012, 5 : 860 - 867
12345