000000112 001__ 112
000000112 005__ 20130522141942.0
000000112 037__ $$aLERSSE-RefConfPaper-2006-017
000000112 041__ $$aeng
000000112 100__ $$aJason Crampton
000000112 100__ $$aWing Leung
000000112 100__ $$aKonstantin Beznosov
000000112 245__ $$aThe Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies
000000112 260__ $$c2006-04-01
000000112 300__ $$a10p
000000112 520__ $$aWe introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the notions of primary vs. secondary and precise vs. approximate authorizations. Approximate authorization responses are inferred from cached primary responses, and therefore provide an alternative source of access control decisions in the event that the authorization server is unavailable or slow. The ability to compute approximate authorizations improves the reliability and performance of access control sub-systems and ultimately the application systems themselves. The operation of a system that employs SAAM depends on the type of access control policy it implements. We propose and analyze algorithms for computing secondary authorizations in the case of policies based on the Bell-LaPadula model. In this context, we define a dominance graph, and describe its construction and usage for generating secondary responses to authorization requests. Preliminary results of evaluating SAAMblp algorithms demonstrate a 30% increase in the number of authorization requests that can be served without consulting access control policies.
000000112 6531_ $$aBell-LaPadula model
000000112 6531_ $$aSAAM
000000112 6531_ $$aaccess control
000000112 6531_ $$aauthorization recycling
000000112 6531_ $$aJAMES
000000112 8560_ $$fbeznosov@ece.ubc.ca
000000112 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/112/files/112.pdf$$yTransfer from CDS 0.99.7
000000112 909C4 $$pJason Crampton, Wing Leung, Konstantin Beznosov "The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies," In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Lake Tahoe, California, USA, ACM, 7-9 June, 2006, pp.111-120.
000000112 980__ $$aRefConfPaper