000000113 001__ 113
000000113 005__ 20130522141947.0
000000113 037__ $$aLERSSE-REPORT-2006-017
000000113 041__ $$aeng
000000113 100__ $$aKyle Zeeuwen
000000113 100__ $$aKonstantin Beznosov
000000113 245__ $$aEvaluation of SAAM_BLP
000000113 260__ $$c2006-07-21
000000113 300__ $$a22p
000000113 520__ $$aRequest response access control systems that use Policy Decision Points have their reliability and latency bounded by network communication. We propose the use of a secondary decision point that combines previously computed authorizations with knowledge of the security model to infer the result of authorization requests. We demonstrate that this approximate recycling approach increases the reliability of a system to a greater extent than existing precise authorization recycling solutions. A simulation is described that compares system reliability while using both precise recycling and approximate recycling in a system that uses the Bell LaPadula model. Results show that an approximate recycling component is a much as 28\% more likely to produce a valid response than a precise recycling component. It is also shown that increasing the number of subjects and objects managed by a system increases the hit rate improvement offered by approximate recycling, that the ratio between subjects and objects in the system affects the behavior of an approximate recycling component, and that the use of narrower Bell LaPadula security lattices result in greater hit rate gains than wider lattices under the same circumstances.
000000113 6531_ $$aSAAM
000000113 6531_ $$aBLP
000000113 6531_ $$aBell LaPadula
000000113 6531_ $$aSDP
000000113 6531_ $$aSimulation
000000113 8560_ $$fkylez@ece.ubc.ca
000000113 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/113/files/113.pdf$$yTransfer from CDS 0.99.7
000000113 909C4 $$pKyle Zeeuwen, Konstantin Beznosov, "Evaluation of SAAM_BLP" LERSSE Technical Report LERSSE-TR-2006-01, July 21, 2006.
000000113 980__ $$aREPORT