Idea: Efficient Evaluation of Access Control Constraint
نویسندگان
چکیده
Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i. e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e. g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement. In distributed systems, e. g., based on the service-oriented architecture (SOA), the time for evaluating access control constraints depends significantly on the protocol between the central Policy Decision Point (PDP) and the distributed Policy Enforcement Points (PEPs). In this paper, we present a policy-driven approach for generating customized protocol for the communication between the PDP and the PEPs. We provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.
منابع مشابه
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملIdea: Efficient Evaluation of Access Control Constraints
Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i. e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e. g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement....
متن کاملVisual Approach to Role Mining with Permission Usage Cardinality Constraint
Role Based Access Control (RBAC) is an effective way of managing permissions assigned to a large number of users in an enterprise. This paper offers a new role engineering approach to RBAC, referred to as visual role mining. The key idea is to graphically represent userpermission assignments to enable quick analysis and elicitation of meaningful roles with constraint. There are two algorithms: ...
متن کاملCharacterization of Properly Efficient Solutions for Convex Multiobjective Programming with Nondifferentiable vanishing constraints
This paper studies the convex multiobjective optimization problem with vanishing constraints. We introduce a new constraint qualification for these problems, and then a necessary optimality condition for properly efficient solutions is presented. Finally by imposing some assumptions, we show that our necessary condition is also sufficient for proper efficiency. Our results are formula...
متن کاملData Structures for Constraint Enforcement in Role-based Systems
Constraints are an important aspect of role-based models. Several types of constraints, such as separation of duty constraints, cardinality constraints and temporal constraints have been identified in the literature. Although the specification of constraints has received significant research interest, there has been little work on the development of an efficient constraint enforcement model. In...
متن کامل