We consider the distributed access enforcement problem for Role-Based Access Control (RBAC) systems. Such enforcement has become important with RBAC's increasing adoption, and the proliferation of data that needs to be protected. We provide a platform for assessing candidates for access enforcement in a distributed architecture for enforcement. The platform provides the ability to encode data structures and algorithms for enforcement, and to measure time-, space- and administrative efficiency. To validate our platform, we use it to compare the state of the art in enforcement, CPOL [6], with two other approaches, the directed graph and the access matrix [9, 10]. We consider encodings of RBAC sessions in each, and propose and justify a benchmark for the assessment. We conclude with the somewhat surprising observation that CPOL is not necessarily the most efficient approach for access enforcement in distributed RBAC deployments.
Identifer | oai:union.ndltd.org:WATERLOO/oai:uwspace.uwaterloo.ca:10012/5731 |
Date | 14 January 2011 |
Creators | Komlenovic, Marko |
Source Sets | University of Waterloo Electronic Theses Repository |
Language | English |
Detected Language | English |
Type | Thesis or Dissertation |
Page generated in 0.0016 seconds