Flooding and recycling authorizations

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Flooding and recycling authorizations

Full text

Pdf (1.82 MB)

Source

New Security Paradigms Workshop archive
Proceedings of the 2005 workshop on New security paradigms table of contents

Lake Arrowhead, California

SESSION: Managing authority table of contents

Pages: 67 - 72

Year of Publication: 2005

ISBN:1-59593-317-4

Author

Konstantin (Kosta) Beznosov

University of British Columbia, Vancouver, Canada

Sponsor

ACSA : Applied Computer Security Associates

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 5, Downloads (12 Months): 23, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1146269.1146285 What is a DOI?

ABSTRACT

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and inefficient solutions. They also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes leveraging publish-subscribe architectures for increased reliability and efficiency by flooding delivery channels with speculatively pre-computed authorizations and actively recycling them on a just-in-time basis.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	K. Beznosov, Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM), LERSSE-TR-2005-01, LERSSE, Dept. of Elec. and Comp. Engineering, University of British Columbia, March 2005.
	2	Konstantin Beznosov , Yi Deng , Bob Blakley , John Barkley, A Resource Access Decision Service for CORBA-Based Distributed Systems, Proceedings of the 15th Annual Computer Security Applications Conference, p.310, December 06-10, 1999
	3	Brewer, D., and Nash, M. "The Chinese Wall security policy," in Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 206--214, May 1989.
	4	J. Crampton (private communication), 2005.
	5	Entrust Inc., GetAccess Design and Administration Guide, September 20, 1999.
	6	James Gwertzman and Margo I. Seltzer, "World wide web cache consistency," in USENIX Annual Technical Conference, pages 141--152, 1996.
	7	Günter Karjoth, Access control with IBM Tivoli access manager, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.232-257, May 2003 [doi>10.1145/762476.762479]
	8	W. Leung and J. Crampton and K. Beznosov, Toward Secondary and Approximate Authorizations Model (SAAM), technical report, LERSSE, Dept. of Elec. and Comp. Engineering, University of British Columbia, in progress.
	9	Amihai Motro, An Access Authorization Model for Relational Databases Based on Algebraic Manipulation of View Definitions, Proceedings of the Fifth International Conference on Data Engineering, p.339-347, February 06-10, 1989
	10	M. Nash and L. Poland. "Some conundrums concerning separation of duty," in Proceedings of the Symposium on Security and Privacy, (Oakland, CA, May 1990), IEEE Computer Society Press, pp. 201--207.
	11	Netegrity Inc., SiteMinder Concepts Guide, 2000.
	12	Jaehong Park , Ravi Sandhu, The UCON_ABC usage control model, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.128-174, February 2004 [doi>10.1145/984334.984339]
	13	John L. Hennessy , David A. Patterson, Computer architecture (2nd ed.): a quantitative approach, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1996
	14	Shariq Rizvi , Alberto Mendelzon , S. Sudarshan , Prasan Roy, Extending query rewriting techniques for fine-grained access control, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France [doi>10.1145/1007568.1007631]
	15	A. Rosenthal and E. Sciore, "View Security as the Basis for Data Warehouse Security," in Proceedings of International Workshop on Design and Management of Data Warehouses, 2000.
	16	Arnon Rosenthal , Edward Sciore, Administering permissions for distributed data: factoring and automated inference, Proceedings of the fifteenth annual working conference on Database and application security, p.91-104, July 15-18, 2001, Niagara, Ontario, Canada
	17	Securant, Unified Access Management: A Model For Integrated Web Security, Securant Technologies, June 25, 1999.
	18	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	19	W. Vogels, How Wrong Can You Be? Getting Lost on the Road to Massive Scalability, keynote speech at International Middleware Conference, Toronto, Canada, 2004.
	20	C. Weissman. Security controls in the ADEPT-50 timesharing system. In AFIPS Conference Proceedings, v. 35, pp. 119--133. FJCC, 1969.

CITED BY 2

	Qiang Wei , Matei Ripeanu , Konstantin Beznosov, Cooperative secondary authorization recycling, Proceedings of the 16th international symposium on High performance distributed computing, June 25-29, 2007, Monterey, California, USA
	Qiang Wei , Jason Crampton , Konstantin Beznosov , Matei Ripeanu, Authorization recycling in RBAC systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA