PEP-side caching: An insider threat port

Abstract

PEP-side caching is used in request-response access control mechanisms to increase the availability and reduce the processing overhead on PDP. Nonetheless, this paper shows that using this approach may open an insider threat port that can be used to bypass access control models in cloud and distributed relational databases. Moreover, the paper proposes a light model that detects and prevents the threat without affecting the performance of PEP and PDP, and it keeps the advantages of PEP-side caching model.