000000224 001__ 224
000000224 005__ 20130522141940.0
000000224 037__ $$aLERSSE-RefJnlPaper-2009-014
000000224 100__ $$aQiang Wei
000000224 245__ $$aAuthorization Recycling in Hierarchical RBAC Systems
000000224 260__ $$c2009-03-12
000000224 300__ $$a32
000000224 520__ $$aAs distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the re-use of previous authorization decisions, is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization "recycling" in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.
000000224 6531_ $$aSAAM
000000224 6531_ $$aRBAC
000000224 6531_ $$aaccess control
000000224 6531_ $$aauthorization recycling
000000224 6531_ $$aJAMES
000000224 700__ $$aJason Crampton
000000224 700__ $$aKonstantin Beznosov
000000224 700__ $$aMatei Ripeanu
000000224 8560_ $$fbeznosov@ece.ubc.ca
000000224 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/224/files/224.pdf$$yTransfer from CDS 0.99.7
000000224 909C4 $$pQ. Wei, J. Crampton, K. Beznosov, M. Ripeanu, “Authorization Recycling in Hierarchical RBAC Systems,” to appear in ACM Transactions on Information and System Security (TISSEC), 32 pages, preprint.
000000224 980__ $$aRefJnlPaper