Constructing cascade bloom filters for efficient access enforcement
Loading...
Date
2019-03-01
Authors
Mousavi, Nima
Tripunitara, Mahesh
Advisor
Journal Title
Journal ISSN
Volume Title
Publisher
Elsevier
Abstract
We address access enforcement — the process of determining whether a request for access to a resource by a principal should be granted. While access enforcement is essential to security, it must not unduly impact performance. Consequently, we address the issue of time- and space-efficient access enforcement, and in particular, study a particular data structure, the Cascade Bloom filter, in this context. The Cascade Bloom filter is a generalization of the well-known Bloom filter, which is used for time- and space-efficient membership-checking in a set, while allowing for a non-zero probability of false positives. We consider the problems, in practice, of constructing Bloom, and Cascade Bloom filters, with our particular application, access enforcement, in mind. We identify the computational complexity of the underlying problems, and propose concrete algorithms to construct instances of the data structures. We have implemented our algorithms, and conducted empirical assessments, which also we discuss in this paper. Our code is available for public download. As such, our work is a contribution to efficient access enforcement.
Description
The final publication is available at Elsevier via https://dx.doi.org/10.1016/j.cose.2018.09.015 © 2019. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/
Keywords
Access control, Cascade bloom filter