分级RBAC系统中的授权回收

Q Engineering

ACM Transactions on Information and System Security Pub Date : 2011-05-01 DOI:10.1145/1952982.1952985

Qiang Wei, J. Crampton, K. Beznosov, M. Ripeanu

{"title":"分级RBAC系统中的授权回收","authors":"Qiang Wei, J. Crampton, K. Beznosov, M. Ripeanu","doi":"10.1145/1952982.1952985","DOIUrl":null,"url":null,"abstract":"As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the reuse of previous authorization decisions, is one technique that has been used to address these challenges.\n This article introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed-access control mechanisms.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"11 1","pages":"3:1-3:29"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"Authorization recycling in hierarchical RBAC systems\",\"authors\":\"Qiang Wei, J. Crampton, K. Beznosov, M. Ripeanu\",\"doi\":\"10.1145/1952982.1952985\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the reuse of previous authorization decisions, is one technique that has been used to address these challenges.\\n This article introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed-access control mechanisms.\",\"PeriodicalId\":50912,\"journal\":{\"name\":\"ACM Transactions on Information and System Security\",\"volume\":\"11 1\",\"pages\":\"3:1-3:29\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Information and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1952982.1952985\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1952982.1952985","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}

引用次数: 21

摘要

随着分布式应用程序的规模和复杂性的增加，基于专用授权服务器的传统授权体系结构变得越来越脆弱，因为这个决策点代表了单点故障和性能瓶颈。授权缓存支持重用以前的授权决策，这是一种用于解决这些挑战的技术。本文介绍并评估了RBAC企业系统中的授权“回收”机制。支持这些机制的算法允许做出精确和近似的授权决策，从而掩盖授权服务器可能出现的故障并减少其负载。我们对这些算法进行了分析评估，并使用了仿真和原型实现。我们的评估结果表明，授权回收可以提高分布式访问控制机制的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Authorization recycling in hierarchical RBAC systems

As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the reuse of previous authorization decisions, is one technique that has been used to address these challenges. This article introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed-access control mechanisms.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

ACM Transactions on Information and System Security 工程技术-计算机：信息系统

CiteScore

4.50

自引率

0.00%

发文量

审稿时长

3.3 months

期刊介绍： ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.