Flooding and Recycling Authorizations

Konstantin Beznosov

16 October 2005

Abstract: The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes to leverage publish-subscribe architectures for increasing failure resilience and efficiency by flooding delivery channels with speculatively pre-computed authorizations and recycling them on just-in-time basis.

Keyword(s): JAMES ; authorization recycling ; authorization flooding ; access control ; authorization ; Engineering Security Mechanisms

Published in: Konstantin Beznosov, "Flooding and Recycling Authorizations," presentation given at the New Security Paradigms Workshop (NSPW), Lake Arrowhead, CA, USA, 22 September, 2005, pp.25. :

The record appears in these collections:
Engineering Security Mechanisms

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)