LERSSE-REPORT-2008-026

Cooperative Secondary Authorization Recycling

Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov

28 April 2008

Abstract: As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response paradigm---are facing challenges of fragility and poor scalability. We propose an approach where each application server recycles previously received authorizations and shares them with other application servers to mask authorization server failures and network delays. This paper presents the design of our cooperative secondary authorization recycling system and its evaluation using simulation and prototype implementation. The results demonstrate that our approach improves the availability and performance of authorization infrastructures. Specifically, by sharing authorizations, the cache hit rate---an indirect metric of availability---can reach 70%, even when only 10% of authorizations are cached. Depending on the deployment scenario, the average time for authorizing an application request can be reduced by up to a factor of two compared with systems that do not employ cooperation.

Keyword(s): CSAR ; SAAM ; JAMES ; authorization recycling ; Engineering Security Mechanisms

Published in: Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," Tech. Rep. LERSSE-TR-2008-02, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, April 2008.:

The record appears in these collections:
Engineering Security Mechanisms
Technical Reports

 Record created 2009-04-27, last modified 2013-05-22


Transfer from CDS 0.99.7:
Download fulltext
PDF

Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)