LERSSE-PRESENTATION-2005-027

JAMES: Junk Authorizations for Massive-scale Enterprise Services

Konstantin Beznosov

16 October 2005

Abstract: The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU and network bandwidth resources. This talk describes the approach taken by the JAMES project to leverage publish-subscribe architectures for increasing failure resilience and performance through flooding delivery channels with speculatively pre-computed authorizations and recycling them on a just-in-time basis. The talk also provides a brief overview of other research projects conducted at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), the University of British Columbia, Vancouver, Canada.

Keyword(s): JAMES ; SAAM ; access control ; authorization ; publish-subscribe ; Engineering Security Mechanisms

Published in: Konstantin Beznosov, "JAMES: Junk Authorizations for Massive-scale Enterprise Services," given at the School of Computing and Information Sciences, Florida International University, Miami, Florida, USA, August 15, 2005, pp. 29.

The record appears in these collections:
Engineering Security Mechanisms
Talks/Presentations

 Record created 2009-04-27, last modified 2013-05-22

