Authorization Recycling in RBAC Systems

Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu

07 April 2008

Abstract: As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.

Keyword(s): JAMES ; SAAM ; RBAC ; access control ; authorization recycling ; Engineering Security Mechanisms

Published in: Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu. Authorization recycling in RBAC systems. In SACMAT '08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, Colorado, USA, June 11-13 2008, pp. 63-72. :

The record appears in these collections:
Engineering Security Mechanisms
Refereed Conference Papers

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)