Performance evaluation of XACML PDP implementations

Türkmen, Fatih; Crispo, Bruno

doi:10.1145/1456492.1456499

Cited by 57 publications

(38 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While this approach supports separation of concerns and the specification of fine-grained policies, it can also introduce a considerable overhead when the size of the search result set increases. This is especially true for fine-grained rules, typically included in attribute-based policies [22]. Our approach does not suffer from this problem.…”

Section: Background and Related Workmentioning

confidence: 99%

“…While both XACML and STAPL support fine-grained specification of access rules, their policy evaluation process also involves a considerable overhead [22]. For traditional request-response applications, this overhead is in many cases acceptable.…”

Section: Background and Related Workmentioning

confidence: 99%

“…While this approach supports separation of concerns, as security administrators can manage policies independently from the application, it does not scale with an increasing result set. This is true especially for large attribute-based policies [22]. This paper takes an alternative approach that performs runtime injection of the appropriate access rules into the search query based on the context in which subjects perform the search operation.…”

mentioning

confidence: 99%

See 2 more Smart Citations

SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

Bogaerts

Lagaisse

Joosen

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Policy-based access control is a technology that achieves separation of concerns through evaluating an externalized policy at each access attempt. While this approach has been well-established for requestresponse applications, it is not supported for database queries of datadriven applications, especially for attribute-based policies. In particular, search operations for such applications involve poor scalability with regard to the data set size for this approach, because they are influenced by dynamic runtime conditions. This paper proposes a scalable application-level middleware solution that performs runtime injection of the appropriate rules into the original search query, so that the result set of the search includes only items to which the subject is entitled. Our evaluation shows that our method scales far better than current state of practice approach that supports policy-based access control.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

Bogaerts

Lagaisse

Joosen

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…a Service whose resources are willing to be accessed by the Device) and one of its administrators (the Service Admin), as well as an Identity Provider (IdP) and the Policy Administration, Decision and Enforcement Points (PAP, PDP and PEP). The last three are the components that make the widely known access control architecture [9]. Besides, we have included a Policies DB where policies are stored by the PAP and checked by the PDP.…”

Section: ) Delegatedmentioning

confidence: 99%

A model to enable application-scoped access control as a service for IoT using OAuth 2.0

Fernández

Alonso

Marco

et al. 2017

2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN)

View full text Add to dashboard Cite

Abstract-Access Control is crucial for security management, but in the context of the Internet of Things it cannot be implemented the same way as traditional systems do. Indeed, devices that make the Internet of Things impose some constraints that encourage the design of new access control mechanisms, which should provide flexibility of configuration, as well as support several authorization scopes at the same time, yet being computationally light, dynamic and scalable in order to be ready for the forthcoming Cloud Computing paradigm. In this paper we propose an authorization model that is based on the OAuth 2.0 protocol. From the point of view of the identity provider, this model allows managing roles and permissions for an application-scoped authorization, to enable more flexible scenarios in which multiple tenants take part. With regard to devices, the OAuth 2.0 makes authorization extremely light, because all the required information is provided with a token. Considering all this, authorization management is completely delegated to an external system, so that an as-a-service access control mechanism is provided. The proposed model complies with the security, flexibility and performance requirements that are needed in the Internet of Things paradigm.

show abstract

“…However, XACML is relatively heavyweight and expensive to implement (Turkmen & Crispo, 2008), especially in the context of low power devices. To address this, Webinos has developed an engine which can calculate the subset of the policy that is relevant to a particular device.…”

Section: A5: Device Access Controlmentioning

confidence: 99%

A survey of secure middleware for the Internet of Things

Fremantle

Scott

2017

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area.

show abstract

Performance evaluation of XACML PDP implementations

Cited by 57 publications

References 3 publications

SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

A model to enable application-scoped access control as a service for IoT using OAuth 2.0

A survey of secure middleware for the Internet of Things

Contact Info

Product

Resources

About