An Access Control Implementation Targeting Resource-constrained Environments

2019 15th International Conference on Network and Service Management (CNSM) Pub Date : 2019-10-01 DOI:10.23919/CNSM46954.2019.9012689

Fan Zhang, B. Butler, B. Jennings

{"title":"An Access Control Implementation Targeting Resource-constrained Environments","authors":"Fan Zhang, B. Butler, B. Jennings","doi":"10.23919/CNSM46954.2019.9012689","DOIUrl":null,"url":null,"abstract":"As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers and so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP) called Luas (means “speed’' in the Irish language) based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.","PeriodicalId":273818,"journal":{"name":"2019 15th International Conference on Network and Service Management (CNSM)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 15th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CNSM46954.2019.9012689","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers and so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP) called Luas (means “speed’' in the Irish language) based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.

查看原文本刊更多论文

针对资源受限环境的访问控制实现

随着越来越多的业务部署在靠近网络边缘的设备上，安全操作(如身份验证和授权)也需要随之移动。通常，边缘设备比数据中心服务器拥有更少的资源，因此安全操作需要更有效地利用可用资源，同时提供足够的性能。授权增加了延迟并需要系统资源，但在网络边缘对具有强授权的安全管理的需求正在增长。我们发布了第一个开源的、高性能的、资源高效的、与XACML3标准兼容的策略决策点(PDP)，名为Luas(在爱尔兰语中是“速度”的意思)，它基于事件驱动的架构和非阻塞计算模型，使用Bloom Filter来获得更好的性能。我们将其性能、资源使用和可靠性与现有的开源pdp进行了比较。与我们测试的那些一样，它提供了准确的决策，但是Luas在使用更少的系统资源的同时提供了更快的安全策略评估，并且即使在资源稀缺的情况下也能在合理的时间范围内提供响应。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 15th International Conference on Network and Service Management (CNSM)

自引率

0.00%

发文量