Home > Talks/Presentations > JAMES: Junk Authorizations for Massive-scale Enterprise Services |
LERSSE-PRESENTATION-2005-027 |
Konstantin Beznosov
16 October 2005
Abstract: The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU and network bandwidth resources. This talk describes the approach taken by JAMES project to leverage publish-subscribe architectures for increasing failure resilience and performance through flooding delivery channels with speculatively pre-computed authorizations and recycling them on just-in-time basis. The talk also provides a brief overview of other research projects conducted at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), the University of British Columbia, Vancouver, Canada
Keyword(s): JAMES ; SAAM ; access control ; authorization ; publish-subscribe ; Engineering Security Mechanisms
Published in: Konstantin Beznosov, "JAMES: Junk Authorizations for Massive-scale Enterprise Services," given at the School of Computing and Information Sciences, Florida International University, Miami, Florida, USA, August 15, 2005, pp.29. :
The record appears in these collections:
Engineering Security Mechanisms
Talks/Presentations