A Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation
Date
2011-01-19T16:48:27Z
Authors
Komlenovic, Marko
Publisher
University of Waterloo
Abstract
We consider the distributed access enforcement problem for Role-Based Access Control (RBAC) systems. Such enforcement has become important with RBAC's increasing adoption, and the proliferation of data that needs to be protected. We provide a platform for assessing candidates for access enforcement in a distributed architecture for enforcement. The platform provides the ability to encode data structures and algorithms for enforcement, and to measure time-, space- and administrative efficiency. To validate our platform, we use it to compare the state of the art in enforcement, CPOL [6], with two other approaches, the directed graph and the access matrix [9, 10]. We consider encodings of RBAC sessions in each, and propose and justify a benchmark for the assessment. We conclude with the somewhat surprising observation that CPOL is not necessarily the most efficient approach for access enforcement in distributed RBAC deployments.
Keywords
Role Based Access Control, Distributed Access Enforcement in RBAC, RBAC, CPOL, Access Matrix, Directed Graph, Reference monitor, Access control policy