Title
Hardware-enhanced distributed access enforcement for role-based access control
Abstract
The protection of information in enterprise and cloud platforms is growing more important and complex with increasing numbers of users who need to access resources with distinct permissions. Role-based access control (RBAC) eases administrative complexity for large-scale access control, while a client-server model can ease performance bottlenecks by distributing access enforcement across multiple servers that consult the centralized access decision policy server as needed. In this paper, we propose a new approach to access enforcement using an existing associative array hardware data structure (HWDS) to cache authorizations in a distributed system using RBAC. This HWDS approach uses hardware that has previously been demonstrated as useful for several application domains including access control, network packet routing, and generic comparison-based integer search algorithms. We reproduce experiments from prior work on distributed access enforcement for RBAC systems, and we design and conduct new experiments to evaluate HWDS-based access enforcement. Experimental data show the HWDS cuts session initiation time by about a third compared to existing solutions, while achieving similar performance to authorize access requests. These results suggest that distributed systems using RBAC could use HWDS-based access enforcement to increase session throughput or to decrease the number of access enforcement servers without losing performance.
Year: 2014
DOI: 10.1145/2613087.2613096
Venue: SACMAT
Keywords: access control, enforcement, hardware data structures, security and protection
Field: Computer access control, Computer science, Computer security, Cache, Server, Role-based access control, Enforcement, Access control, Computer hardware, Physical access, Cloud computing, Distributed computing
DocType: Conference
Citations: 0
PageRank: 0.34
References: 17
Authors: 2
Name            Order   Citations   PageRank
Gedare Bloom    1       68          13.95
Rahul Simha     2       137         12.42