Cooperative Secondary Authorization Recycling

Transcription

1 Cooperative Secondary Authorization Recycling Qiang Wei, Matei Ripeanu, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca) University of British Columbia

2 Typical Authorization Architecture subject client application response application request protected application objects Policy Enforcement Point (PEP) application server (request, allow) authorization response authorization request (subject, object, read) Policy Decision Point (PDP) authorization server Also known as request-response paradigm e.g. IBM Access Manager, EJB, XACML 2

3 Motivation Problems reduced availability PEP PEP reduced scalability PDP PEP 3

4 Secondary and Approximate Authorization Model (SAAM) PEP PEP Secondary Authorization Recycling PDP PEP Secondary Decision Point () 1. reuse cached responses 2. infer approximate responses 4

5 Cooperative Secondary Authorization Recycling Discovery Service each serves only its own PEP! all s cooperate to serve all PEPs 5

6 A Simplified Example new request Alice s subject id=alice role=preferred customer allow (an approximate response) Discovery Service previous request Bob s subject id=bob role=customer allow 6

7 Contributions Proposed the concept of cooperative secondary authorization recycling system architecture & detailed design Evaluated availability performance Discovery Service 7

8 Key Design Features 8

9 Consistency: Support Critical Policy Changes Security Administrator Critical (t) Policy Changes Policy Store propagate policy changes to affected s immediately Policy Change Manager Detect 1. find affected s 2. find affected caches 9

10 Consistency: Support Time-sensitive Policy Changes Security Administrator Time-sensitive Policy Changes Policy Store A TTL approach: delete expired responses periodically Policy Change Manager Detect 10

11 Support Untrusted Remote s PEP Trusts Trusts PDP Trusted by all s Does NOT Trust Malicious Verify responses made by remote s 1. verify the authenticity and integrity 2. verify the correctness of inference 11

12 Three decision points Configurability local & remote s & the PDP To reduce network traffic & PDP s load sequentialauthorization 1 PEP 2 3 remote s PDP To reduce the response time concurrent authorization 1 PEP 1 1 remote s PDP 12

13 Evaluation Results via simulation & prototype implementation 13

14 Simulation-based Evaluation Metrics cache hit rate Methodology training set testing set simulation engine Affecting factors cache warmness = cached requests without replacement total possible requests number of cooperating s R 12 overlap rate O 12 = R R resource space 14

15 Hit Rate Dependence on Cache Warmness 5 s High hit rate is achieved even when cache warmness is low 15

16 Hit Rate Dependence on Number of s 10% cache warmness at each Increasing the number of cooperating s leads to higher hit rates Additional s provide diminishing returns 16

17 Metrics Prototype-based Evaluation average client-perceived response time hit rate Methodology PEP test driver discovery service JAVA RMI PDP Affecting factors PEP number of requests response verification frequency of policy change 17

18 Response Time Dependence on Number of Requests 4 s (CSAR), 100% overlap, 40ms RTT between PDP and each Cooperation can contribute to reduced response time 2. The impact of response verification is small

19 How will regular policy changes affect hit rate? 1 2. Cumulative effect of policy changes is significant 1. Hit-rate drop caused by each policy change is small 2. More frequent policy changes lead to lower hit rates 1. The hit rates stabilize after the knee 19

20 How does cooperation help? 100% overlap, policy changes at 100 requests/change 20 Cooperation improves hit rates when policy changes

21 Related Work Collaborative security (Locasto et al. 2006, Costa et al. 2005) CSAR Secondary and Approximate Authorization Model (SAAM) (Crampton et al. 2006, Beznosov 2005) Authorization recycling (Bauer et al. 2005, Borders et al. 2005) Collaborative web caching (Lyer et al. 2002, Wolman et al. 1999, Chankhunthod et al. 1996) 21

22 Summary reduced PE P availability PE P reduced scalability PD P Discovery Service PE P 22

23 lersse.ece.ubc.ca 23