The {SAAM} Project at {UBC}

Jason Crampton; Wing Leung

The SAAM Project at UBC

Abstract:

We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the notions of primary vs. secondary and precise vs. approximate authorizations. Approximate authorization responses are inferred from cached primary responses, and therefore provide an alternative source of access control decisions in the event that the authorization server is unavailable or slow. The ability to compute approximate authorizations improves the reliability and performance of access control sub-systems and ultimately the application systems themselves.

The operation of a system that employs SAAM depends on the type of access control policy it implements. We proposed algorithms and analyzed their performance for computing secondary authorizations in the case of policies based on the Bell-LaPadula model. Preliminary results of evaluation of SAAMblp algorithms demonstrate a 30% increase in the number of authorization requests that can be served without consulting access control policies.

Jason Crampton, University of British Columbia

Wing Leung, University of British Columbia

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@conference {268854,
author = {Jason Crampton and Wing Leung},
title = {The {SAAM} Project at {UBC}},
year = {2006},
address = {Vancouver, B.C. Canada},
publisher = {USENIX Association},
month = jul
}

Download