1.
|
Authorization Recycling in Hierarchical RBAC Systems
/ Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefJnlPaper-2009-014]
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Q. Wei, J. Crampton, K. Beznosov, M. Ripeanu, “Authorization Recycling in Hierarchical RBAC Systems,” to appear in ACM Transactions on Information and System Security (TISSEC), 32 pages, preprint.:
Transfer from CDS 0.99.7: PDF;
|
2.
|
Towards Improving the Availability and Performance of Enterprise Authorization Systems
/ Qiang Wei
[LERSSE-THESIS-2009-006]
Authorization protects application resources by allowing only authorized entities to access them. [...]
Published in Qiang Wei, "Towards Improving the Availability and Performance of Enterprise Authorization Systems," PhD dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, October, 2009, pp.141.:
Transfer from CDS 0.99.7: PDF;
|
3.
|
Authorization Using the Publish-Subscribe Model
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-PRESENTATION-2009-080]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qei Wei, Konstantin Beznosov, and Matei Ripeanu, “Authorization Using Publish/Subscribe Models,” In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA'08), 10-12 December, 2008, Sydney, Australia. IEEE Computer Society, pp.53-62.:
Transfer from CDS 0.99.7: PDF;
|
4.
|
Authorization Recycling in RBAC Systems
/ Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-PRESENTATION-2009-079]
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu, “Authorization Recycling in RBAC Systems,” in the Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT’08), Estes Park, Colorado, 11-13 June, 2008, pp.63-72.:
Transfer from CDS 0.99.7: PDF;
|
5.
|
Toward Improving Availability and Performance of Enterprise Authorization Services
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2009-001]
In currently deployed large enterprise systems, policy enforcement points (PDPs) are commonly implemented as logically centralized authorization servers [...]
Published in Talk given at the Faculty of Computer Science, Technical University of Dortmund.:
Transfer from CDS 0.99.7: PDF;
|
6.
|
Authorization Using the Publish-Subscribe Model
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefConfPaper-2008-031]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov. Authorization using the publishsubscribe model. In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA), pages 53-62, Sydney, Australia, December 10-12 2008. IEEE Computer Society.:
Transfer from CDS 0.99.7: PDF;
|
7.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2008-005]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," IEEE Transactions on Parallel and Distributed Systems, vol. 20 n.2, February 2009, pp.275-288.:
Transfer from CDS 0.99.7: PDF;
|
8.
|
Why (Managing) IT Security is Hard and Some Ideas for Making It Easier
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-072]
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. [...]
Published in Konstantin Beznosov, “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” talk given at the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, 2 June 2008.:
Transfer from CDS 0.99.7: PDF;
|
9.
|
The Secondary and Approximate Authorization Model and its Application to BLP and RBAC Policies
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-071]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov, “The Secondary and Approximate Authorization Model and its Application to BLP and RBAC Policies” talk given at the Computer Science Department, IBM Research Laboratory, Rüeschlikon, Switzerland, 5 June 2008.:
Transfer from CDS 0.99.7: PDF;
|
10.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-REPORT-2008-026]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response paradigm---are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," Tech. Rep. LERSSE-TR-2008-02, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, April 2008.:
Transfer from CDS 0.99.7: PDF;
|