Authorization Recycling in RBAC Systems

被引:0
|
作者
Wei, Qiang [1 ]
Beznosov, Konstantin [1 ]
Crampton, Jason
Ripeanu, Matei [1 ]
机构
[1] Univ British Columbia, LERSSE, Vancouver, BC V5Z 1M9, Canada
来源
SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2008年
关键词
SAAM; RBAC; access control; authorization recycling;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.
引用
收藏
页码:63 / 72
页数:10
相关论文
共 50 条
  • [21] A Cross Cloud Authorization Mechanism Using NFC and RBAC Technology
    Chan, Jun-Fu
    Yang, Ta-Chih
    Liaw, Horng Twu
    UBIQUITOUS COMPUTING APPLICATION AND WIRELESS SENSOR, 2015, 331 : 239 - 246
  • [22] VeRA: Verifying RBAC and Authorization Constraints Models of Web Applications
    Thanh-Nhan Luong
    Hanh-Phuc Nguyen
    Ninh-Thuan Truong
    INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2021, 31 (05) : 655 - 675
  • [23] A community authorization mechanism research based on RBAC in data grid
    Wu, XN
    Zhang, RL
    Xiao, N
    GCA '05: PROCEEDINGS OF THE 2005 INTERNATIONAL CONFERENCE ON GRID COMPUTING AND APPLICATIONS, 2005, : 210 - 216
  • [24] FWAM: A flexible workflow authorization model using extended RBAC
    Yang, Le
    Choi, Yongsun
    Choi, Myeonggil
    Zhao, Xinlei
    PROCEEDINGS OF THE 2008 12TH INTERNATIONAL CONFERENCE ON COMPUTER SUPPORTED COOPERATIVE WORK IN DESIGN, VOLS I AND II, 2008, : 625 - +
  • [25] A user-centered, modular authorization service built on an RBAC foundation
    Zurko, ME
    Simon, R
    Sanfilippo, T
    PROCEEDINGS OF THE 1999 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 1999, : 57 - 71
  • [26] Temporal UAS: Supporting Efficient RBAC Authorization in Presence of the Temporal Role Hierarchy
    Zhang, Yue
    Joshi, James B. D.
    EUC 2008: PROCEEDINGS OF THE 5TH INTERNATIONAL CONFERENCE ON EMBEDDED AND UBIQUITOUS COMPUTING, VOL 2, WORKSHOPS, 2008, : 264 - 271
  • [27] RBAC-based Delegation Authorization with Trust Computing and Collaborative Security Strategy
    Sun, Wei
    International Journal of Network Security, 2023, 25 (04) : 666 - 679
  • [28] RBAC Administration in Distributed Systems
    Dekker, M. A. C.
    Crampton, J.
    Etalle, S.
    SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2008, : 93 - 101
  • [29] A Flexible Authorization Delegation Method in Multi-domain Environments Employing RBAC Policies
    Liao, Junguo
    Yang, Feng
    Zhang, Huifu
    Zhu, Gengming
    Zhu, Bin
    DCABES 2008 PROCEEDINGS, VOLS I AND II, 2008, : 1142 - 1147
  • [30] UAQ: A Framework for User Authorization Query Processing in RBAC extended with Hybrid Hierarchy and Constraints
    Zhang, Yue
    Joshi, James B. D.
    SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2008, : 83 - 91
12345