pdfreaders.org

Idea: Efficient Evaluation of Access Control Constraints

Achim D. Brucker und Helmut Petritsch

Cover for brucker.ea:efficient:2010.Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i.e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e.g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement.

Especially in highly distributed systems, e.g., systems based on the service-oriented architecture (SOA) paradigm, the time for evaluating access control constraints depends significantly on the protocol between the central policy decision point (PDP) and the distributed policy enforcement points (PEP).

In this paper, we present an policy-driven approach for generating customized protocol for the communication between the PDP and the pep. Moreover, we provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.

Schlüsselwörter: distributed policy enforcement, XACML, access control
Kategorien: ,
Dokumente: (Artikel als PDF Datei)

QR Code for brucker.ea:efficient:2010.Bitte zitieren sie diesen Artikel wie folgt:
Achim D. Brucker und Helmut Petritsch. Idea: Efficient Evaluation of Access Control Constraints. In International Symposium on Engineering Secure Software and Systems (ESSoS). Lecture Notes in Computer Science (5965), pages 157-165, Springer-Verlag, 2010.
Schlüsselwörter: distributed policy enforcement, XACML, access control
(Artikel als PDF Datei) (BibTeX) (Endnote) (RIS) (Word) (doi:10.1007/978-3-642-11747-3_12) (Share article on LinkedIn. Share article on CiteULike.)

BibTeX
@InCollection{ brucker.ea:efficient:2010,
abstract = {Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i.e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e.g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement.\\\\Especially in highly distributed systems, e.g., systems based on the service-oriented architecture (SOA) paradigm, the time for evaluating access control constraints depends significantly on the protocol between the central policy decision point (PDP) and the distributed policy enforcement points (PEP).\\\\In this paper, we present an policy-driven approach for generating customized protocol for the communication between the PDP and the pep. Moreover, we provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.},
address = {Heidelberg},
author = {Achim D. Brucker and Helmut Petritsch},
booktitle = {International Symposium on Engineering Secure Software and Systems (ESSoS)},
doi = {10.1007/978-3-642-11747-3_12},
editor = {F. Massacci and D. Wallach and N. Zannone},
isbn = {978-3-642-11746-6},
keywords = {distributed policy enforcement, XACML, access control},
language = {USenglish},
number = {5965},
pages = {157--165},
pdf = {https://www.brucker.ch/bibliography/download/2010/brucker.ea-efficient-2010.pdf},
publisher = {Springer-Verlag},
series = {Lecture Notes in Computer Science},
title = {Idea: Efficient Evaluation of Access Control Constraints},
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-efficient-2010},
year = {2010},
}