Flooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...
View ArticleJAMES: Junk Authorizations for Massive-scale Enterprise Services
The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the...
View ArticleRecycling Authorizations: Toward Secondary and Approximate Authorizations...
In large and complex enterprises, obtaining authorizations could be communicationally and/or computationally expensive, and, due to infrastructure failures, some times even impossible. This paper...
View ArticleSecondary and Approximate Authorization Model (SAAM) and its Application to...
The talk defines the secondary and approximate authorization model (SAAM). In SAAM, approximate authorization responses are inferred from cached primary responses, and therefore provide an alternative...
View ArticleSaamViz - Visualizer for SAAM
The purpose of the project is to create a visualization component for the secondary and approximate authorization model (SAAM) simulator to assist in the study of SAAM. This visualization component,...
View ArticleThe Secondary and Approximate Authorization Model and its Application to...
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the...
View ArticleEvaluation of SAAM_BLP
Request response access control systems that use Policy Decision Points have their reliability and latency bounded by network communication. We propose the use of a secondary decision point that...
View ArticleThe Secondary and Approximate Authorization Model and its Application to...
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...
View ArticleEmploying Secondary and Approximate Authorizations to Improve Access Control...
The request-response paradigm used for developing access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleAuthorization Recycling in RBAC Systems
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response...
View ArticleThe Secondary and Approximate Authorization Model and its Application to BLP...
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...
View ArticleWhy (Managing) IT Security is Hard and Some Ideas for Making It Easier
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are (a) very expensive and error-prone to...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleAuthorization Using the Publish-Subscribe Model
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...
View ArticleToward Improving Availability and Performance of Enterprise Authorization...
In currently deployed large enterprise systems, policy enforcement points (PDPs) are commonly implemented as logically centralized authorization servers. This centralization provides important...
View ArticleAuthorization Recycling in RBAC Systems
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...
View ArticleAuthorization Using the Publish-Subscribe Model
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...
View Article