%0 Conference Proceedings
%T Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies
%+ Stony Brook University [SUNY] (SBU)
%A Bui, Thang
%A Stoller, Scott, D.
%A Sharma, Shikhar
%Z Part 1: Access Control
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC)
%C Philadelphia, PA, United States
%Y Giovanni Livraga
%Y Sencun Zhu
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXI
%V LNCS-10359
%P 101-119
%8 2017-07-19
%D 2017
%R 10.1007/978-3-319-61176-1_6
%Z Computer Science [cs]Conference papers
%X Separation of access control logic from other components of applications facilitates uniform enforcement of policies across applications in enterprise systems. This approach is popular in attribute-based access control (ABAC) systems and is embodied in the XACML standard. For this approach to be practical in an enterprise system, the access control decision engine must be scalable, able to quickly respond to access control requests from many concurrently running applications. This is especially challenging for stateful (also called history-based) access control policies, in which access control requests may trigger state updates. This paper presents an policy evaluation algorithm for stateful ABAC policies that achieves high throughput by distributed processing, using a specialized multi-version concurrency control scheme to deal with possibly conflicting concurrent updates. The algorithm is especially designed to achieve low latency, by minimizing the number of messages on the critical path of each access control decision.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01684356/document
%2 https://inria.hal.science/hal-01684356/file/453481_1_En_6_Chapter.pdf
%L hal-01684356
%U https://inria.hal.science/hal-01684356
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-10359