Authorization Recycling in RBAC Systems

被引：0

作者：

Wei, Qiang ^{[1
]}

Beznosov, Konstantin ^{[1
]}

Crampton, Jason

Ripeanu, Matei ^{[1
]}

机构：

[1] Univ British Columbia, LERSSE, Vancouver, BC V5Z 1M9, Canada

来源：

SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2008年

关键词：

SAAM; RBAC; access control; authorization recycling;

D O I：

暂无

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.

引用

页码：63 / 72

页数：10

共 50 条

[41] Authorization in data management systems
Raymond, D
35TH ANNUAL 2001 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY, PROCEEDINGS, 2001, : 202 - 212
[42] Resolving information flow conflicts in RBAC systems
Tuval, Noa
Gudes, Ehud
DATA AND APPLICATIONS SECURITY XX, PROCEEDINGS, 2006, 4127 : 148 - 162
[43] RBAC in distributed retrieving systems by attribute certificates
Park, DG
Hwang, YD
IC'2001: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INTERNET COMPUTING, VOLS I AND II, 2001, : 800 - 806
[44] Role engineering with SKAOS for systems employing RBAC
Huang, Chao
Sun, Jianling
Wang, Xinyu
Si, Yuanjie
2009 INTERNATIONAL CONFERENCE ON NETWORKING AND DIGITAL SOCIETY, VOL 2, PROCEEDINGS, 2009, : 56 - 60
[45] Enforcing Spatial Constraints for Mobile RBAC Systems
Kirkpatrick, Michael S.
Bertino, Elisa
SACMAT 2010: PROCEEDINGS OF THE 15TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2010, : 99 - 108
[46] A Formal Approach for Risk Assessment in RBAC Systems
Ma, Ji
JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2012, 18 (17) : 2432 - 2451
[47] Deploying ABAC policies using RBAC systems
Batra, Gunjan
Atluri, Vijayalakshmi
Vaidya, Jaideep
Sural, Shamik
JOURNAL OF COMPUTER SECURITY, 2019, 27 (04) : 483 - 506
[48] Enabling the Deployment of ABAC Policies in RBAC Systems
Batra, Gunjan
Atluri, Vijayalakshmi
Vaidya, Jaideep
Sural, Shamik
DATA AND APPLICATIONS SECURITY AND PRIVACY XXXII, DBSEC 2018, 2018, 10980 : 51 - 68
[49] Authorization and Obligation Policies in Dynamic Systems
Gelfond, Michael
Lobo, Jorge
LOGIC PROGRAMMING, PROCEEDINGS, 2008, 5366 : 22 - +
[50] An authorization scheme for distributed object systems
Nicomette, V
Deswarte, Y
1997 IEEE SYMPOSIUM ON SECURITY AND PRIVACY - PROCEEDINGS, 1997, : 21 - 30

← 1 2 3 4 5 →