On the performance of access control policy evaluation

Griffin, Leigh and Butler, Bernard and de Leastar, Eamonn and Jennings, Brendan and Botvich, Dmitri (2012) On the performance of access control policy evaluation. In: IEEE International Symposium on Policies for Distributed Systems & Networks, 16-18 July 2012, Chapel Hill, North Carolina, USA.

[thumbnail of On the performance of access control policy evaluation.pdf]
On the performance of access control policy evaluation.pdf - Published Version

Download (960kB) | Preview


There is growing awareness of the need to protect digital resources and services in both corporate and home ICT scenarios. Meanwhile, communication tools tailored for corporations are blurring the line between communication mech- anisms and (near) real-time resource sharing. The resulting requirement for near real-time policy-based access control is technically challenging. In a corporate domain, such access control mechanisms must be unobtrusive and comply with strict security objectives. Thus policy evaluation performance needs to be considered while addressing traditional security concerns. This paper discusses policy system design principles that motivate a novel Policy Decision Point (PDP) implementation and associated policy language. These principles are consistent with recent web development techniques designed to improve performance and scalability. Given a modern web development stack comprising a language (Javascript), a framework (Node.js) and a database management system (Redis), the proposition is that significant performance gains can be made. Our performance experiments suggest this is the case when, through various design iterations, our prototype PDP implementation is compared with an estab- lished, Java/XACML-based access control PDP implementation. The experiments presented in this paper suggest that newer technologies offer better performance. The analysis suggests that this is because they offer a more efficient data representation and make better use of computing resources.

Item Type: Conference or Workshop Item (Paper)
Departments or Groups: Walton Institute for Information and Communications Systems Science
Divisions: School of Science > Department of Computing, Maths and Physics
Depositing User: Leigh Griffin
Date Deposited: 29 Aug 2012 14:46
Last Modified: 22 Aug 2016 10:26
URI: https://repository.wit.ie/id/eprint/1739

Actions (login required)

View Item View Item