000000150 001__ 150
000000150 005__ 20130522141942.0
000000150 037__ $$aLERSSE-RefConfPaper-2008-026
000000150 041__ $$aeng
000000150 100__ $$aQiang Wei
000000150 100__ $$aJason Crampton
000000150 100__ $$aKonstantin Beznosov
000000150 100__ $$aMatei Ripeanu
000000150 245__ $$aAuthorization Recycling in RBAC Systems
000000150 260__ $$c2008-04-07
000000150 300__ $$a10p
000000150 520__ $$aAs distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.
000000150 6531_ $$aJAMES
000000150 6531_ $$aSAAM
000000150 6531_ $$aRBAC
000000150 6531_ $$aaccess control
000000150 6531_ $$aauthorization recycling
000000150 6531_ $$aEngineering Security Mechanisms
000000150 8560_ $$fqiangw@ece.ubc.ca
000000150 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/150/files/150.pdf$$yTransfer from CDS 0.99.7
000000150 909C4 $$pQiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu. Authorization recycling in RBAC systems. In SACMAT '08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, Colorado, USA, June 11-13 2008, pp. 63-72.
000000150 980__ $$aRefConfPaper