Cooperative secondary authorization recycling

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Cooperative secondary authorization recycling

Full text

Pdf (543 KB)

Source

High Performance Distributed Computing archive
Proceedings of the 16th international symposium on High performance distributed computing table of contents

Monterey, California, USA

SESSION: Reliability and fault tolerance table of contents

Pages: 65 - 74

Year of Publication: 2007

ISBN:978-1-59593-673-8

Authors

Qiang Wei	University of British Columbia
Matei Ripeanu	University of British Columbia
Konstantin Beznosov	University of British Columbia

Sponsors

ACM: Association for Computing Machinery
SIGARCH: ACM Special Interest Group on Computer Architecture

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 37, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1272366.1272375 What is a DOI?

ABSTRACT

As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures-based predominantly on the request-response paradigm-are facing challenges in terms of fragility and poor scalability. We propose an approach where each application server caches previously received authorizations at its secondary decision point and shares them with other application servers to mask authorization server failures and network delays.This paper presents the design of our cooperative secondary authorization recycling system and its evaluation using simulation and prototype implementation. The results demonstrate that our approach improves the availability of authorization infrastructures while preserving their performance characteristics. Specifically, by sharing authorizations, the cache hit rate.an indirect metric of availability.can reach 70%, even when only 10% of authorizations are cached. Depending on the deployment scenario, the performance in terms of the average time for authorizing an application request can be reduced by up to 30%.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Lujo Bauer , Scott Garriss , Michael K. Reiter, Distributed Proving in Access-Control Systems, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.81-95, May 08-11, 2005 [doi>10.1109/SP.2005.9]
	2	D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations. Technical Report ESD-TR-74-244, MITRE, March 1973.
	3	Konstantin (Kosta) Beznosov, Flooding and recycling authorizations, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California [doi>10.1145/1146269.1146285]
	4	Kevin Borders , Xin Zhao , Atul Prakash, CPOL: high-performance policy evaluation, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102142]
	5	Eric A. Brewer, Towards robust distributed systems (abstract), Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing, p.7, July 16-19, 2000, Portland, Oregon, United States [doi>10.1145/343477.343502]
	6	Mike Burrows, The Chubby lock service for loosely-coupled distributed systems, Proceedings of the 7th conference on USENIX Symposium on Operating Systems Design and Implementation, p.24-24, November 06-08, 2006, Seattle, WA
	7	Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: end-to-end containment of internet worms, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	8	Jason Crampton , Wing Leung , Konstantin Beznosov, The secondary and approximate authorization model and its application to Bell-LaPadula policies, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA [doi>10.1145/1133058.1133075]
	9	L. G. DeMichiel, L. U. Yalcinalp, and S. Krishnan. Enterprise JavaBeans Specification, Version 2.0. Sun Microsystems, 2001.
	10	Entrust. getaccess design and administration guide. Technical report, Entrust, September 20 1999.
	11	S. Gadde, J. Chase, and M. Rabinovich. A taste of crispy Squid. In Proceedings of the 1998 Workshop on Internet Server Performance, pages 129--136, June 1998.
	12	Seth Gilbert , Nancy Lynch, Brewer's conjecture and the feasibility of consistent, available, partition-tolerant web services, ACM SIGACT News, v.33 n.2, June 2002 [doi>10.1145/564585.564601]
	13	Barry W. Johnson, An introduction to the design and analysis of fault-tolerant systems, Fault-tolerant computer system design, Prentice-Hall, Inc., Upper Saddle River, NJ, 1996
	14	Zbigniew Kalbarczyk , Ravishankar K. Iyer , Long Wang, Application Fault Tolerance with Armor Middleware, IEEE Internet Computing, v.9 n.2, p.28-37, March 2005 [doi>10.1109/MIC.2005.31]
	15	Günter Karjoth, Access control with IBM Tivoli access manager, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.232-257, May 2003 [doi>10.1145/762476.762479]
	16	M. Locasto, S. Sidiroglou, and A. D. Keromytis. Software self-healing using collaborative application communities. In Proceedings of the Internet Society (ISOC) Symposium on Network and Distributed Systems Security (NDSS 2006), pages 95--106, San Diego, CA, 2006.
	17	P. J. Mazzuca. Access control in a distributed decentralized network: an XML approach to network security using XACML and SAML. Technical report, Dartmouth College, Computer Science, Spring 2004.
	18	Netegrity. Siteminder concepts guide. Technical report, Netegrity, 2000.
	19	V. Nicomette , Y. Deswarte, An Authorization Scheme For Distributed Object Systems, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.21, May 04-07, 1997
	20	OMG. CORBAservices: Common object services specification, security service specification v1.8, 2002.
	21	Antony I. T. Rowstron , Peter Druschel, Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems, Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg, p.329-350, November 12-16, 2001
	22	Securant. Unified access management: A model for integrated web security. Technical report, Securant Technologies, June 25 1999.
	23	G. H. Stowe. A secure network node approach to the policy decision point in distributed access controlw. Technical report, Dartmouth College, Computer Science, June 2004.
	24	W. Vogels. How wrong can you be? Getting lost on the road to massive scalability. In Middleware Conference, Toronto, October 20 2004.
	25	Jia Wang, A survey of web caching schemes for the Internet, ACM SIGCOMM Computer Communication Review, v.29 n.5, October 1999 [doi>10.1145/505696.505701]
	26	Von Welch , Frank Siebenlist , Ian Foster , John Bresnahan , Karl Czajkowski , Jarek Gawor , Carl Kesselman , Sam Meder , Laura Pearlman , Steven Tuecke, Security for Grid Services, Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing, p.48, June 22-24, 2003
	27	XACML-TC. OASIS eXtensible Access Control Markup Language (XACML) version 1.0. OASIS Standard, 18 February 2003.