Qiang Wei ; Konstantin Beznosov ; Matei Ripeanu

01 September 2006

Abstract: As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges. Conventional request-response authorization architectures become fragile and scale poorly to massive-scale enterprises. We describe a collaborative approach to address these problems. In our approach, each application in the enterprise system caches its previous-made authorizations at its secondary decision point (SDP). An SDP can not only resolve the local request in the future but also share their authorization ability with other SDPs. Our simulation results demonstrate that cooperative authorization recycling approach improves the availability of access control architectures.

Keyword(s): Cooperative ; CSAR ; Secondary Authorization ; Recycling

Published in: Qiang Wei, Konstantin Beznosov, Matei Ripeanu, "Cooperative Approximate Authorization Recycling", Poster, 15th USENIX Security Symposium, August 2006.: