000000185 001__ 185
000000185 005__ 20130522141949.0
000000185 037__ $$aLERSSE-PRESENTATION-2009-001
000000185 041__ $$aeng
000000185 100__ $$aKonstantin Beznosov
000000185 245__ $$aToward Improving Availability and Performance of Enterprise Authorization Services
000000185 260__ $$c2009-04-27
000000185 300__ $$a66p
000000185 520__ $$a    In currently deployed large enterprise systems, policy decision points (PDPs) are commonly implemented as logically centralized authorization servers. This centralization provides important benefits: consistent policy enforcement across multiple policy enforcement points (PEPs) and reduced administration cost for authorization policies. Like all centralized architectures, however, this approach has two critical drawbacks: the PDP is a single point of failure and a potential performance bottleneck. The former property may lead to reduced availability. A conventional approach to improving the availability of a distributed infrastructure is failure masking through redundancy. However, redundancy and other general-purpose fault-tolerance techniques for distributed systems scale poorly, and become technically and economically infeasible when the number of entities in the system reaches the thousands. Large-scale commodity computing is, however, becoming a reality, with eBay having 12,000 servers and 15,000 application server instances, and Google estimated to have ``more than 450,000 servers spread in at least 25 locations around the world''.

    Performance is also of concern. In a large-scale enterprise system with non-trivial authorization policies, making authorization decisions is often computationally expensive due to the complexity of the policies involved and the large size of the resource and user populations. In addition, authorization policy evaluation could require obtaining just-in-time data from human resources, medical records, and other repositories of business data, which commonly further increases the access control decision time. Thus, the centralized PDP often becomes a performance bottleneck. Also, the communication delay between the PEP and the PDP can make the authorization overhead prohibitively high.

    To address these drawbacks, we are developing an approach to authorization architectures consisting of three key elements. First, we suggest decoupling the enforcement and decision components of access control solutions with a publish-subscribe architecture. The administrative and operating overheads associated with reconfiguring access control systems to accommodate component and infrastructure failures should thereby be reduced. Second, since multiple PEPs can subscribe to and share the same authorizations, we put forward a way of ``actively recycling'' authorizations by searching through the authorization streams and caches and finding the ``best approximate'' (as opposed to ``precise'') authorization(s) for the request to be authorized. Finally, we consider taking advantage of virtually free CPU resources and network bandwidth by speculatively predicting near-future authorization requests, computing corresponding access control decisions, and proactively pushing them to the PEPs through the publish-subscribe channels. The anticipated results of this approach are (1) improved resilience of authorization infrastructures in the light of the high failure rates observed in large enterprises; (2) reduced delay (latency) in requesting and obtaining authorizations; and (3) reduced human resources required to operate and maintain authorization infrastructures.  This talk will present the approach and discuss results so far.
    
000000185 6531_ $$aSAAM
000000185 6531_ $$aJAMES
000000185 8560_ $$fbeznosov@ece.ubc.ca
000000185 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/185/files/185.pdf$$yTransfer from CDS 0.99.7
000000185 909C4 $$pTalk given at the Faculty of Computer Science, Technical University of Dortmund.
000000185 980__ $$aPRESENTATION