Cooperative Secondary Authorization Recycling
|
|
- Maryann Moody
- 6 years ago
- Views:
Transcription
1 Cooperative Secondary Authorization Recycling Qiang Wei, Matei Ripeanu, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca) University of British Columbia
2 Typical Authorization Architecture subject client application response application request protected application objects Policy Enforcement Point (PEP) application server (request, allow) authorization response authorization request (subject, object, read) Policy Decision Point (PDP) authorization server Also known as request-response paradigm e.g. IBM Access Manager, EJB, XACML 2
3 Motivation Problems reduced availability PEP PEP reduced scalability PDP PEP 3
4 Secondary and Approximate Authorization Model (SAAM) PEP PEP Secondary Authorization Recycling PDP PEP Secondary Decision Point () 1. reuse cached responses 2. infer approximate responses 4
5 Cooperative Secondary Authorization Recycling Discovery Service each serves only its own PEP! all s cooperate to serve all PEPs 5
6 A Simplified Example new request Alice s subject id=alice role=preferred customer allow (an approximate response) Discovery Service previous request Bob s subject id=bob role=customer allow 6
7 Contributions Proposed the concept of cooperative secondary authorization recycling system architecture & detailed design Evaluated availability performance Discovery Service 7
8 Key Design Features 8
9 Consistency: Support Critical Policy Changes Security Administrator Critical (t) Policy Changes Policy Store propagate policy changes to affected s immediately Policy Change Manager Detect 1. find affected s 2. find affected caches 9
10 Consistency: Support Time-sensitive Policy Changes Security Administrator Time-sensitive Policy Changes Policy Store A TTL approach: delete expired responses periodically Policy Change Manager Detect 10
11 Support Untrusted Remote s PEP Trusts Trusts PDP Trusted by all s Does NOT Trust Malicious Verify responses made by remote s 1. verify the authenticity and integrity 2. verify the correctness of inference 11
12 Three decision points Configurability local & remote s & the PDP To reduce network traffic & PDP s load sequentialauthorization 1 PEP 2 3 remote s PDP To reduce the response time concurrent authorization 1 PEP 1 1 remote s PDP 12
13 Evaluation Results via simulation & prototype implementation 13
14 Simulation-based Evaluation Metrics cache hit rate Methodology training set testing set simulation engine Affecting factors cache warmness = cached requests without replacement total possible requests number of cooperating s R 12 overlap rate O 12 = R R resource space 14
15 Hit Rate Dependence on Cache Warmness 5 s High hit rate is achieved even when cache warmness is low 15
16 Hit Rate Dependence on Number of s 10% cache warmness at each Increasing the number of cooperating s leads to higher hit rates Additional s provide diminishing returns 16
17 Metrics Prototype-based Evaluation average client-perceived response time hit rate Methodology PEP test driver discovery service JAVA RMI PDP Affecting factors PEP number of requests response verification frequency of policy change 17
18 Response Time Dependence on Number of Requests 4 s (CSAR), 100% overlap, 40ms RTT between PDP and each Cooperation can contribute to reduced response time 2. The impact of response verification is small
19 How will regular policy changes affect hit rate? 1 2. Cumulative effect of policy changes is significant 1. Hit-rate drop caused by each policy change is small 2. More frequent policy changes lead to lower hit rates 1. The hit rates stabilize after the knee 19
20 How does cooperation help? 100% overlap, policy changes at 100 requests/change 20 Cooperation improves hit rates when policy changes
21 Related Work Collaborative security (Locasto et al. 2006, Costa et al. 2005) CSAR Secondary and Approximate Authorization Model (SAAM) (Crampton et al. 2006, Beznosov 2005) Authorization recycling (Bauer et al. 2005, Borders et al. 2005) Collaborative web caching (Lyer et al. 2002, Wolman et al. 1999, Chankhunthod et al. 1996) 21
22 Summary reduced PE P availability PE P reduced scalability PD P Discovery Service PE P 22
23 lersse.ece.ubc.ca 23
Authorization Recycling in RBAC Systems
Authorization Recycling in RBAC Systems Qiang Wei 1, Jason Crampton 2, Konstantin Beznosov 1, Matei Ripeanu 1 1 Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University
More informationStudy of Secondary and Approximate Authorizations Model (SAAM)
Study of Secondary and Approximate Authorizations Model (SAAM) Kyle Zeeuwen kylez@ece.ubc.ca Abstract Request response access control systems with off-site Policy Decision Points have their reliability
More informationA Security Analysis of the Precise Time Protocol
A Security Analysis of the Precise Time Protocol Jeanette Tsang & Konstantin Beznosov December 5, 2006 Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University of British
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationMETADATA SYNCHRONIZATION PROTOCOL FOR A DECENTRALIZED NETWORK OF DATA PROVIDERS
METADATA SYNCHRONIZATION PROTOCOL FOR A DECENTRALIZED NETWORK OF DATA PROVIDERS ACK CYFRONET AGH, Kraków, Poland AGH University of Science and Technology, Kraków, Poland Faculty of Computer Science, Electronics
More informationThe Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies
The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies Jason Crampton Wing Leung Information Security Group LERSSE Royal Holloway, University of University of British
More informationSpeculative Authorization
Speculative Authorization Pranab Kini, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca University of British Columbia Vancouver, Canada Technical
More informationPeer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University
Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University Email Trustworthiness Sender can be spoofed Need for Sender Authentication Importance depends on sender Update
More informationADP Security Management Service
ADP Security Management Service Securing Administrator Accounts Updated March 2017 Welcome! Your administrators complete the security registration process to access the ADP services your organization has
More informationAMAZON S3 FOR SCIENCE GRIDS: A VIABLE SOLUTION?
AMAZON S3 FOR SCIENCE GRIDS: A VIABLE SOLUTION? Mayur Palankar and Adriana Iamnitchi University of South Florida Matei Ripeanu University of British Columbia Simson Garfinkel Harvard University Amazon
More informationMotivation and goal Design concepts and service model Architecture and implementation Performance, and so on...
Motivation and goal Design concepts and service model Architecture and implementation Performance, and so on... Autonomous applications have a demand for grasping the state of hosts and networks for: sustaining
More informationA Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) Systems
A Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) Systems by Toufik Zitouni A thesis presented to the University of
More informationServerless Computing: Design, Implementation, and Performance. Garrett McGrath and Paul R. Brenner
Serverless Computing: Design, Implementation, and Performance Garrett McGrath and Paul R. Brenner Introduction Serverless Computing Explosion in popularity over the past 3 years Offerings from all leading
More informationInterdomain Routing Design for MobilityFirst
Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network
More information3C05 - Advanced Software Engineering Thursday, April 29, 2004
Distributed Software Architecture Using Middleware Avtar Raikmo Overview Middleware What is middleware? Why do we need middleware? Types of middleware Distributed Software Architecture Business Object
More informationSpeculative Authorization
Speculative Authorization Pranab Kini University of British Columbia, Vancouver, Canada Email: pranabk@ece.ubc.ca Abstract In large scale distributed systems, arriving at policy decision is complex and
More informationDynamic Stateful Service Security
Dynamic Stateful Security FIA Workshop, Prague 12 May 2009 Mike Surridge ms@it-innovation.soton.ac.uk innovation.soton.ac.uk Overview Why is dynamic service security important? How we implemented dynamic
More informationDEPARTMENT OF COMPUTER SCIENCE
Department of Computer Science 1 DEPARTMENT OF COMPUTER SCIENCE Office in Computer Science Building, Room 279 (970) 491-5792 cs.colostate.edu (http://www.cs.colostate.edu) Professor L. Darrell Whitley,
More informationSecurent Entitlement Management Solution. v 3.1 GA. PDP and PEP Cache Clustering. September Part No. PDPPEPCACHE-31GA-1
Securent Entitlement Management Solution v 3.1 GA PDP and PEP Cache Clustering September 2007 Part No. PDPPEPCACHE-31GA-1 Copyright Copyright 2006-2007 Securent, Inc. All Rights Reserved. Restricted Rights
More informationPresented by: Alvaro Llanos E
Presented by: Alvaro Llanos E Motivation and Overview Frangipani Architecture overview Similar DFS PETAL: Distributed virtual disks Overview Design Virtual Physical mapping Failure tolerance Frangipani
More informationEvaluation of Performance of Cooperative Web Caching with Web Polygraph
Evaluation of Performance of Cooperative Web Caching with Web Polygraph Ping Du Jaspal Subhlok Department of Computer Science University of Houston Houston, TX 77204 {pdu, jaspal}@uh.edu Abstract This
More informationObject Storage The Challenge Ahead Make it Commercially Viable
Object Storage The Challenge Ahead Make it Commercially Viable Julian Satran Julian_Satran@il.ibm.com IBM Research Laboratory in Haifa Third Intelligent Storage Consortium University of Minnesota Agenda
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationA Composite Trust based Public Key Management in MANETs
USMA 6 th Network Science Workshop April 23, 2012 West Point, NY U.S. Army Research, Development and Engineering Command A Composite Trust based Public Key Management in MANETs Jin-Hee Cho and Kevin Chan
More informationClient/Server-Architecture
Client/Server-Architecture Content Client/Server Beginnings 2-Tier, 3-Tier, and N-Tier Architectures Communication between Tiers The Power of Distributed Objects Managing Distributed Systems The State
More informationJavaPolis 2004 Access Control Architectures: COM+ vs. EJB
JavaPolis 2004 Access Control Architectures: COM+ vs. EJB Dr. Konstantin Beznosov Assistant Professor University of British Columbia Overall Presentation Goal Learn about the capabilities of COM+ and EJB
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationWeb Caching and Content Delivery
Web Caching and Content Delivery Caching for a Better Web Performance is a major concern in the Web Proxy caching is the most widely used method to improve Web performance Duplicate requests to the same
More informationWatching User Generated Videos with Prefetching
Watching User Generated Videos with Prefetching Samamon Khemmarat, Renjie Zhou, Lixin Gao, Michael Zink Electrical and Computer Engineering Department UMass Amherst MMSys 2011, Feb. 24 th User Generated
More informationKeeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson
Keeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson olafur@cloudflare.com How long does it take to? Post a new selfie on Facebook and all your friends to be notified few seconds
More informationReal4Test. Real IT Certification Exam Study materials/braindumps
Real4Test http://www.real4test.com Real IT Certification Exam Study materials/braindumps Exam : HP0-Y37 Title : Migrating &Troubleshooting Enterprise Networks Vendors : HP Version : DEMO Get Latest & Valid
More informationSDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich
SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich This Talk This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
More informationArgus Vulnerability Assessment *1
Argus Vulnerability Assessment *1 Manuel Brugnoli and Elisa Heymann Universitat Autònoma de Barcelona June, 2011 Introduction Argus is the glite Authorization Service. It is intended to provide consistent
More informationMODEL-BASED SYSTEMS ENGINEERING DESIGN AND TRADE-OFF ANALYSIS WITH RDF GRAPHS
MODEL-BASED SYSTEMS ENGINEERING DESIGN AND TRADE-OFF ANALYSIS WITH RDF GRAPHS Nefretiti Nassar and Mark Austin Institute of Systems Research, University of Maryland, College Park, MD 20742. CSER 2013 Presentation,
More informationFederated Authentication with Web Services Clients
Federated Authentication with Web Services Clients in the context of SAML based AAI federations Thomas Lenggenhager thomas.lenggenhager@switch.ch Mannheim, 8. March 2011 Overview SAML n-tier Delegation
More informationObligation Standardization
Standardization David Chadwick, University of Kent Mario Lischka NEC Laboratories Europe 1 Problems with Existing Model s have not been handled fully, they are simply attribute assignments which are consumed
More informationEthane: taking control of the enterprise
Ethane: taking control of the enterprise Martin Casado et al Giang Nguyen Motivation Enterprise networks are large, and complex, and management is distributed. Requires substantial manual configuration.
More informationGroup-Based Management of Distributed File Caches
Group-Based Management of Distributed File Caches Darrell D. E. Long Ahmed Amer Storage Systems Research Center Jack Baskin School of Engineering University of California, Santa Cruz Randal Burns Hopkins
More informationdraft-ietf-v6ops-tunnel-loops - Update and Status
draft-ietf-v6ops-tunnel-loops - Update and Status IETF V6OPS WG - March 31, 2011 Fred L. Templin Boeing Research & Technology fred.l.templin@boeing.com BOEING is a trademark of Boeing Management Company.
More informationA RESTful Approach to Identity-based Web Services
A RESTful Approach to Identity-based Web Services Marc J. Hadley Hubert A. Le Van Gong Sun Microsystems, Inc. 1 Outline > Identity-based web services intro > RESTful ID-WSF > OAuth Extensions > Permissioned
More informationIdentity Management (IdM) is a crosscutting focus area for DHS
DHS & Identity Management Anil John Telephone: (443) 778-0612 Email: anil.john@jhuapl.edu 1 Identity Management (IdM) is a crosscutting focus area for DHS Enabling Homeland Capabilities EHC #1: Cross-Agency
More information(h)icn Socket Library for HTTP Leveraging (h)icn socket library for carrying HTTP messages
(h)icn Socket Library for HTTP Leveraging (h)icn socket library for carrying HTTP messages Mauro Sardara, Luca Muscariello, Alberto Compagno Software Engineer ICNRG Interim Meeting, London, 18 th of March
More informationEnterprise Privacy and Federated Identity Management
Enterprise Privacy and Federated Identity Management Michael Waidner IBM Zurich Research Lab & IBM Privacy Research Institute April 2003 Outline 1. Motivation 2. Enterprise Privacy Management 3. Federated
More informationDesign and Implementation of A P2P Cooperative Proxy Cache System
Design and Implementation of A PP Cooperative Proxy Cache System James Z. Wang Vipul Bhulawala Department of Computer Science Clemson University, Box 40974 Clemson, SC 94-0974, USA +1-84--778 {jzwang,
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationAn Empirical Assessment of Approaches to Distributed Enforcement in Role-Based Access Control (RBAC)
An Empirical Assessment of Approaches to Distributed Enforcement in Role-Based Access Control (RBAC) Marko Komlenovic mkomlenovic@uwaterloo.ca Mahesh Tripunitara tripunit@uwaterloo.ca Department of Electrical
More informationIMPLEMENTING CISCO MPLS (MPLS)
IMPLEMENTING CISCO MPLS (MPLS) COURSE OVERVIEW: Multiprotocol Label Switching integrates the performance and traffic-management capabilities of data link Layer 2 with the scalability and flexibility of
More informationAnnouncements. me your survey: See the Announcements page. Today. Reading. Take a break around 10:15am. Ack: Some figures are from Coulouris
Announcements Email me your survey: See the Announcements page Today Conceptual overview of distributed systems System models Reading Today: Chapter 2 of Coulouris Next topic: client-side processing (HTML,
More informationJTC 1 SC 37 Biometrics International Standards
JTC 1 SC 37 Biometrics International Standards Dr. Stephen Elliott Biometrics Standards, Performance, and Assurance Laboratory Purdue University www.bspalabs.org Overview Market Opportunities for Biometric
More informationThe PRIMA Grid Authorization System
The PRIMA Grid Authorization System Markus Lorch and Dennis Kafura {mlorch@vt.edu, kafura@cs.vt.edu} Department of Computer Science Virginia Tech Blacksburg, VA 24061 Abstract PRIMA, a system for PRIvilege
More informationConfiguring IP SLAs LSP Health Monitor Operations
Configuring IP SLAs LSP Health Monitor Operations This module describes how to configure an IP Service Level Agreements (SLAs) label switched path (LSP) Health Monitor. LSP health monitors enable you to
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationA Comparison of File. D. Roselli, J. R. Lorch, T. E. Anderson Proc USENIX Annual Technical Conference
A Comparison of File System Workloads D. Roselli, J. R. Lorch, T. E. Anderson Proc. 2000 USENIX Annual Technical Conference File System Performance Integral component of overall system performance Optimised
More informationAuthenticating People and Machines over Insecure Networks
Authenticating People and Machines over Insecure Networks EECE 571B Computer Security Konstantin Beznosov authenticating people objective Alice The Internet Bob Password= sesame Password= sesame! authenticate
More informationSession Key Distribution
Session Key Distribution The TA shares secret keys with network users. The TA chooses session keys and distributes them in encrypted form upon request of network users. We will need to define appropriate
More informationSecurity Challenges on the Road Ahead. Tim Mather, CISO
Security Challenges on the Road Ahead Tim Mather, CISO How Information Security Should Not Be Perceived 2 How Information Security Should Not Be Engaged 3 Rain on the FIRST Parade No 4 FIRST Best Practice
More informationStadium. A Distributed Metadata-private Messaging System. Matei Zaharia Nickolai Zeldovich SOSP 2017
Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung Matei Zaharia Nickolai Zeldovich SOSP 2017 Previous talk: Anonymous broadcast This talk: Private messaging Alice
More informationMONitoring Agents using a Large Integrated Services Architecture. Iosif Legrand California Institute of Technology
MONitoring Agents using a Large Integrated s Architecture California Institute of Technology Distributed Dynamic s Architecture Hierarchical structure of loosely coupled services which are independent
More informationDiPerF: automated DIstributed PERformance testing Framework
DiPerF: automated DIstributed PERformance testing Framework Catalin Dumitrescu, Ioan Raicu, Matei Ripeanu, Ian Foster Distributed Systems Laboratory Computer Science Department University of Chicago Introduction
More informationProgrammable Peer-to-Peer Systems
Programmable Peer-to-Peer Systems p. 1/18 Programmable Peer-to-Peer Systems Dimitris Vyzovitis vyzo@media.mit.edu Viral Communications MIT Media Laboratory Programmable Peer-to-Peer Systems p. 2/18 Overview
More informationMultimedia Streaming. Mike Zink
Multimedia Streaming Mike Zink Technical Challenges Servers (and proxy caches) storage continuous media streams, e.g.: 4000 movies * 90 minutes * 10 Mbps (DVD) = 27.0 TB 15 Mbps = 40.5 TB 36 Mbps (BluRay)=
More informationArchitectural Decisions and Patterns for Transactional Workflows in SOA
Business Integration Technologies Architectural Decisions and Patterns for Transactional Workflows in SA ICSC 2007 September 18, 2007 laf Zimmermann Jonas Grundler Stefan Tai Frank Leymann Agenda SA Decision
More informationStaggeringly Large File Systems. Presented by Haoyan Geng
Staggeringly Large File Systems Presented by Haoyan Geng Large-scale File Systems How Large? Google s file system in 2009 (Jeff Dean, LADIS 09) - 200+ clusters - Thousands of machines per cluster - Pools
More informationA Policy Controlled IPv4/IPv6 Network Emulation Environment
A Policy Controlled IPv4/IPv6 Network Emulation Environment Tomislav Grgic and Maja Matijasevic University of Zagreb, Faculty of Electrical Engineering and Computing Unska 3, HR-10000 Zagreb, Croatia tomislav.grgic@fer.hr,
More informationSecurent Entitlement Management Solution. v 3.1 GA. PEP Configurations. September Part No. PEPCONFIG-31GA-1
Securent Entitlement Management Solution v 3.1 GA PEP Configurations September 2007 Part No. PEPCONFIG-31GA-1 Copyright Copyright 2006-2007 Securent, Inc. All Rights Reserved. Restricted Rights This software
More informationEfficient General Policy Decision by Using Mutable Variable Aware Cache
Efficient General Policy Decision by Using Mutable Variable Aware Cache Liangxing Liu, Weili Han, Elisa Bertino, Tao Zhou, and Xinyi Zhang Software School, Fudan University, Shanghai, China Key Lab of
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationFederated Data Storage System Prototype based on dcache
Federated Data Storage System Prototype based on dcache Andrey Kiryanov, Alexei Klimentov, Artem Petrosyan, Andrey Zarochentsev on behalf of BigData lab @ NRC KI and Russian Federated Data Storage Project
More informationextensible Access Control Language (XACML)
extensible Access Control Language (XACML) Fatih Turkmen fturkmen(at)disi.unitn.it fturkmen(at)mit.edu Visiting PhD Student, CSAIL, MIT DISI, University of Trento Outline extensible Access Control Markup
More informationWebpage: Volume 4, Issue VI, June 2016 ISSN
SECURE DYNAMIC SOURCE ROUTING IN MOBILE ADHOC NETWORKS Pooja Sharma 1, Seep Sethi 2 1 M.Tech (ECE), 2 Head of ECE Department Somany (PG) Institute of Technology & Management, Rewari Abstract: A mobile
More informationGrid monitoring with MonAlisa
Grid monitoring with MonAlisa Iosif Legrand (Caltech) Iosif.Legrand@cern.ch Laura Duta (UPB) laura.duta@cs.pub.ro Alexandru Herisanu (UPB) aherisanu@cs.pub.ro Agenda What is MonAlisa? Who uses it? A little
More informationWireless Network Security Spring 2011
Wireless Network Security 14-814 Spring 2011 Patrick Tague Feb 17, 2011 Class #12 Network layer security Announcements No more scheduled office hours after today Email or call me to make an appointment
More informationPer-hop and end-to-end capacity estimation
Per-hop and end-to-end capacity estimation Fall 2003 CS 8803: Network Measurement Seminar Ravi S. Prasad Outline! Introduction! Definitions! Capacity estimation methodologies " Hop capacity! Variable packet
More informationPESIT Bangalore South Campus
INTERNAL ASSESSMENT TEST 2 Date : 04//17 Max Marks : 50 Subject & Code : Object oriented Modeling & Design (CS71) Section : A and B Name of faculty : Mrs Sumana Sinha Time : 11:30-1:00 pm wer any five
More informationA Hybrid Peer-to-Peer Architecture for Global Geospatial Web Service Discovery
A Hybrid Peer-to-Peer Architecture for Global Geospatial Web Service Discovery Shawn Chen 1, Steve Liang 2 1 Geomatics, University of Calgary, hschen@ucalgary.ca 2 Geomatics, University of Calgary, steve.liang@ucalgary.ca
More informationManaging the lifecycle of XACML delegation policies in federated environments
Managing the lifecycle of XACML delegation policies in federated environments Manuel Sánchez, Óscar Cánovas, Gabriel López, Antonio F. Gómez-Skarmeta Abstract This paper presents an infrastructure that
More informationIdle WebSphere Tuning Considerations
Idle WebSphere Tuning Considerations Now updated for WebSphere v8.5.5 Beena Hotchandani, IBM Performance Analyst Stephen Kinder, IBM Senior Technical Staff, WebSphere Virtualization Architect Table of
More informationArgus Authorization Service
Argus Authorization Service Valery Tschopp - SWITCH GDB Meeting, 11.07.2012 @ CERN EMI is partially funded by the European Commission under Grant Agreement RI-261611 Authorization What is authorization?
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationIntegrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services
Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services David Nuñez, Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab)
More informationADP Security Management Service
ADP Security Management Service Securing Administrator Accounts Updated May 2018 Welcome, A New Sign in Experience Awaits You ADP is committed to continuous process improvements to reduce friction and
More informationPerformance Impact of Multithreaded Java Server Applications
Performance Impact of Multithreaded Java Server Applications Yue Luo, Lizy K. John Laboratory of Computer Architecture ECE Department University of Texas at Austin 1/2/01 1 Outline Motivation VolanoMark
More informationAgent Technology for Network Management. Stuart Wagner Sudha Ramesh
Agent Technology for Network Management Stuart Wagner ssw@research.telcordia.com Sudha Ramesh sudha@research.telcordia.com Keith Landgraf kflandg@lts.ncsc.mil October 10, 2002 An SAIC Company Outline Some
More informationDISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 1. Introduction
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 1 Introduction Definition of a Distributed System (1) A distributed system is: A collection of
More informationCycle Sharing Systems
Cycle Sharing Systems Jagadeesh Dyaberi Dependable Computing Systems Lab Purdue University 10/31/2005 1 Introduction Design of Program Security Communication Architecture Implementation Conclusion Outline
More informationStudy and Comparison of Mesh and Tree- Based Multicast Routing Protocols for MANETs
Study and Comparison of Mesh and Tree- Based Multicast Routing Protocols for MANETs Rajneesh Gujral Associate Proffesor (CSE Deptt.) Maharishi Markandeshwar University, Mullana, Ambala Sanjeev Rana Associate
More informationWireless Network Security Spring 2013
Wireless Network Security 14-814 Spring 2013 Patrick Tague Class #11 Control-Plane Routing Misbehavior Agenda Control-Plane Routing Misbehavior MANET Routing Misbehavior at the control-plane Toward secure
More informationSecurity & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph
Security & Privacy Larry 1 Who cares about Privacy? Everybody? Nobody? Criminals? Governments? Corporations? Privacy is the right to keep information hidden. But there is lots of information. You do not
More informationNet Trust: User-Centered Detection of Pharming, Phishing and Fraud. L Jean Camp
Net Trust: User-Centered Detection of Pharming, Phishing and Fraud L Jean Camp www.ljean.com Core Problem Statement How to inform individual assessments of trustworthiness of a potential online transaction.
More informationSubway : Peer-To-Peer Clustering of Clients for Web Proxy
Subway : Peer-To-Peer Clustering of Clients for Web Proxy Kyungbaek Kim and Daeyeon Park Department of Electrical Engineering & Computer Science, Division of Electrical Engineering, Korea Advanced Institute
More informationMUTE: A Peer-to-Peer Web-based Real-time Collaborative Editor
MUTE: A Peer-to-Peer Web-based Real-time Collaborative Editor Matthieu Nicolas, Victorien Elvinger, Gérald Oster, Claudia-Lavinia Ignat, François Charoy To cite this version: Matthieu Nicolas, Victorien
More informationA Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation
A Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation by Marko Komlenović A thesis presented to the University of Waterloo in
More informationA Multilevel Secure MapReduce Framework for Cross-Domain Information Sharing in the Cloud
Calhoun: The NPS Institutional Archive Faculty and Researcher Publications Faculty and Researcher Publications 2013-03 A Multilevel Secure MapReduce Framework for Cross-Domain Information Sharing in the
More informationUNIC: Secure Deduplication of General Computations. Yang Tang and Junfeng Yang Columbia University
UNIC: Secure Deduplication of General Computations Yang Tang and Junfeng Yang Columbia University The world s data is fast exploding A significant portion of the data is redundant. Data deduplication can
More informationPLEASE READ CAREFULLY BEFORE YOU START
MIDTERM EXAMINATION #2 NETWORKING CONCEPTS 03-60-367-01 U N I V E R S I T Y O F W I N D S O R - S c h o o l o f C o m p u t e r S c i e n c e Fall 2011 Question Paper NOTE: Students may take this question
More informationBenchmarking results of SMIP project software components
Benchmarking results of SMIP project software components NAILabs September 15, 23 1 Introduction As packets are processed by high-speed security gateways and firewall devices, it is critical that system
More informationCHAPTER 4 OPTIMIZATION OF WEB CACHING PERFORMANCE BY CLUSTERING-BASED PRE-FETCHING TECHNIQUE USING MODIFIED ART1 (MART1)
71 CHAPTER 4 OPTIMIZATION OF WEB CACHING PERFORMANCE BY CLUSTERING-BASED PRE-FETCHING TECHNIQUE USING MODIFIED ART1 (MART1) 4.1 INTRODUCTION One of the prime research objectives of this thesis is to optimize
More informationWebPeer: A P2P-based System for
Huazhong University of Science and Technology Web: A P2P-based System for Publishing and Discovering Web Services Ruixuan Li Internet and Distributed Computing Laboratory College of Computer Science and
More informationDecision. Intelligent. Assistant: Research and Technical Background. Emergency. ENEA, July by C.Balducelli S.Bologna and A.M.
EIDA Project ( Proposal ) Emergency Intelligent Decision Assistant: Toolkit for Coordinated Emergency Management Research and Technical Background by C.Balducelli S.Bologna and A.M.Gadomski ENEA, July
More informationCloud Computing Chapter 2
Cloud Computing Chapter 2 1/17/2012 Agenda Composability Infrastructure Platforms Virtual Appliances Communication Protocol Applications Connecting to Cloud Composability Applications build in the cloud
More information