Authorization Recycling in RBAC Systems
|
|
- Magdalene Perkins
- 5 years ago
- Views:
Transcription
1 Authorization Recycling in RBAC Systems Qiang Wei 1, Jason Crampton 2, Konstantin Beznosov 1, Matei Ripeanu 1 1 Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia 2 Information Security Group, Royal Holloway, University of London
2 the overview outline authorization architecture motivation recycling approach recycling algorithms experimental evaluations summary & future work 2 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
3 a typical authorization architecture subject client application response application request protected application objects policy enforcement point (PEP) application server (request, allow) authorization response authorization request (subject, object, read) policy decision point (PDP) authorization server - also known as request-response paradigm - applied by IBM Access Manager, Entrust GetAccess, CA SiteMinder, etc. 3 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
4 motivations PEP + re-use of authorization logic + consistent policy enforcement PDP PEP PEP - reduced availability - increased latency - reduced scalability 4 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
5 existing approaches fault-tolerance by replication/redundancy + improve availability - latency remains unchanged - require specialized OS/middleware - poorly scale on large populations caching previous authorizations + simple, inexpensive + improves performance & availability - serves only requests that have been issued before (precise recycling) 5 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
6 secondary and approximate authorization model (SAAM) 1 PEP SDP PEP SDP secondary authorization recycling PDP PEP SDP secondary decision point (SDP) 1. resolve returning requests (precise recycling) 2. resolve new requests (approximate recycling) 1 J. Crampton, W. Leung and K. Beznosov, The Secondary and Approximate Authorization Model and its Application to Bell- LaPadula Policies, in the Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT), Lake Tahoe, California, USA, 7-9 June, Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
7 SAAM SAAM RBAC only an abstract model a specific SAAM recycling algorithm is needed for each access control model SAAM RBAC apply SAAM to role-based access control (RBAC) model develop recycling algorithms specifically for RBAC 7 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
8 outline the overview recycling algorithms experimental evaluations summary & future work 8 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
9 terminology request: issued by a subject s for a permission p request=(s,p) ±: denotes the decision to a request an allow response: +(s,p) a deny response: (s,p) subject: modeled as the set of roles r activated in a session s= {r 1, r 2, r 3 } 9 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
10 inference rules Rule + : if +(s,p) and s s, then request (s',p) should also be allowed Rule - : if -(s,p) and s s, then request (s',p) should also be denied + S 1 = {r 1 } Rule + Rule - + S 2 = {r 1, r 2 } Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
11 SAAM RBAC recycling algorithms cache construction decision cache update SDP primary responses PDP PEP secondary responses policy change messages cache 11 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
12 cache + and cache - PDP built from allow responses built from deny responses cache + cache - p 1 {{r 3, r 4 },{r 5, r 6 }} p 2 {{r 1 },{r 5, r 6 }} p 3 {{r 2, r 4 },{r 1, r 2 }} SDP p 1 {r 1, r 2 } p 2 {r 3, r 4} p 3 {r 5, r 6} 12 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
13 example: SDP receives 1 st deny response - ({r 1, r 2 }, p) cache + cache - {r 1, r 2 } PDP SDP 13 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
14 example: SDP receives 1 st allow response + ({r 2, r 3, r 4 }, p) cache + cache - {{r 3, r 4 }} {r 1, r 2 } PDP SDP 14 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
15 example: SDP receives 2 nd allow response + ({r 4, r 5, r 6 }, p) cache + cache - {{r 3, r 4 }, }} {r 1, r 2 } {r 4, r 5, r 6 }} PDP SDP 15 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
16 example: SDP receives 2 nd deny response - ({r 4, r 7 }, p) cache + cache - {{r 3, r 4 }, {r 4, r 5, r 6 }} {r 1, r 2,} r 4, r 7 } PDP SDP 16 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
17 example: SDP receives 2 nd deny response - ({r 4, r 7 }, p) cache + cache - {{r 3 }, {r 5, r 6 }} {r 1, r 2, r 4, r 7 } PDP SDP 17 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
18 example: SDP makes an allow decision ({r 3, r 4 }, p) PEP allow cache + cache - {{r 3 }, {r 1, r 2, {r 5, r 6 }} r 4, r 7 } SDP 18 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
19 example: SDP makes a deny decision ({r 1, r 4, r 7 }, p) PEP deny cache + {{r 3 }, {r 5, r 6 }} cache - {r 1, r 2, r 4, r 7 } SDP 19 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
20 example: SDP makes an undecided decision ({r 1, r 5 }, p) PEP undecided cache + cache - {{r 3 }, {r 1, r 2, {r 5, r 6 }} r 4, r 7 } SDP 20 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
21 example: summary secondary responses PEP + ({r 3, r 4 }, p) - ({r 1, r 4, r 7 }, p)? ({r 1, r 5 }, p) these two are new requests! SDP cache + p {{r 3 },{r 5, r 6 }} cache - p {r 1, r 2, r 4, r 7 } PDP - ({r 1, r 2 }, p) + ({r 2, r 3, r 4 }, p) + ({r 4, r 5, r 6 }, p) - ({r 4, r 7 }, p) primary responses algorithm correctness is proved if the SDP makes any allow or deny decision, the PDP will always make the same decision 21 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
22 outline the overview recycling algorithms experimental evaluations summary and future work 22 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
23 SDP hit rate a cache hit evaluation metrics a request is resolved by the SDP higher hit rate => more requests resolved by the SDP even when the PDP fails => higher availability reducing the load of the PDP => higher scalability SDP inference time the time used to infer approximate responses less inference time, more efficient the system 23 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
24 evaluation methodology data input files warming request set testing request set RBAC policy input parameters evaluation engine PDP cache + cache - SDP warming phase testing phase 24 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
25 hit rate RABC policy: 100 subjects, 1,000 objects, 50 roles compared with simple caching, hit rate is improved significantly by using SAAM RBAC recycling algorithm 25 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
26 the impact of various system parameters the percentage of deny responses the number of roles the number of roles assigned per permission the number of roles assigned per user the popularity distribution of role assignment 26 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
27 inference time RABC policy: 100 subjects, 1,000 objects, 50 roles inference time stabilizes 27 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
28 cache size RABC policy: 100 subjects, 1,000 objects, 50 roles cache size stabilizes 28 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
29 outline the overview recycling algorithms experimental evaluations summary and future work 29 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
30 summary 30 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
31 future work when role hierarchy is available cache replacement algorithm experiment with real enterprise RBAC policies and request traces 31 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
32 We are looking for policies and traces from real applications! If you are willing to share them, please talk to me or contact me at: lersse.ece.ubc.ca 32 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)
Cooperative Secondary Authorization Recycling
Cooperative Secondary Authorization Recycling Qiang Wei, Matei Ripeanu, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca) University of British
More informationStudy of Secondary and Approximate Authorizations Model (SAAM)
Study of Secondary and Approximate Authorizations Model (SAAM) Kyle Zeeuwen kylez@ece.ubc.ca Abstract Request response access control systems with off-site Policy Decision Points have their reliability
More informationThe Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies
The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies Jason Crampton Wing Leung Information Security Group LERSSE Royal Holloway, University of University of British
More informationRBAC Administration in Distributed Systems
RBAC Administration in Marnix Dekker, Jason Crampton, Sandro Etalle and Embedded groep (DIES), Universitity of Twente Information Security Group (ISG), Royal Holloway University of London Security Group
More informationSpeculative Authorization
Speculative Authorization Pranab Kini, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca University of British Columbia Vancouver, Canada Technical
More informationA Security Analysis of the Precise Time Protocol
A Security Analysis of the Precise Time Protocol Jeanette Tsang & Konstantin Beznosov December 5, 2006 Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University of British
More informationSpeculative Authorization
Speculative Authorization Pranab Kini University of British Columbia, Vancouver, Canada Email: pranabk@ece.ubc.ca Abstract In large scale distributed systems, arriving at policy decision is complex and
More informationA Framework for Enforcing Constrained RBAC Policies
A Framework for Enforcing Constrained RBAC Policies Jason Crampton Information Security Group Royal Holloway, University of London jason.crampton@rhul.ac.uk Hemanth Khambhammettu Information Security Group
More informationAn Efficient Framework for User Authorization Queries in RBAC Systems
An Efficient Framework for User Authorization Queries in RBAC Systems Guneshi T. Wickramaarachchi Purdue University 305 N. University Street, West Lafayette, IN 47907, USA gwickram@purdue.edu Wahbeh H.
More informationAn Empirical Assessment of Approaches to Distributed Enforcement in Role-Based Access Control (RBAC)
An Empirical Assessment of Approaches to Distributed Enforcement in Role-Based Access Control (RBAC) Marko Komlenovic mkomlenovic@uwaterloo.ca Mahesh Tripunitara tripunit@uwaterloo.ca Department of Electrical
More informationA Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) Systems
A Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) Systems by Toufik Zitouni A thesis presented to the University of
More informationJavaPolis 2004 Access Control Architectures: COM+ vs. EJB
JavaPolis 2004 Access Control Architectures: COM+ vs. EJB Dr. Konstantin Beznosov Assistant Professor University of British Columbia Overall Presentation Goal Learn about the capabilities of COM+ and EJB
More informationAdministrative Privilege Inheritance in RBAC
Administrative Privilege Inheritance in RBAC Open Session Talk, FOSAD 2006 Marnix Dekker, TNO ICT, Security group This talk is about ongoing work with: with Jan Cederquist*, Jason Crampton** and Sandro
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationAuthorization and Certificates: Are We Pushing When We Should Be Pulling?
Authorization and Certificates: Are We Pushing When We Should Be Pulling? Jason Crampton Hemanth Khambhammettu Information Security Group, Royal Holloway, University of London Egham, TW20 0EX, United Kingdom
More informationA Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation
A Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation by Marko Komlenović A thesis presented to the University of Waterloo in
More informationEfficient Access Enforcement in Distributed Role-Based Access Control (RBAC) Deployments
Efficient Access Enforcement in Distributed Role-Based Access Control (RBAC) Deployments Mahesh V. Tripunitara ECE Dept., Univ. of Waterloo Waterloo, ON, Canada tripunit@uwaterloo.ca Bogdan Carbunar ARTC,
More informationEfficient General Policy Decision by Using Mutable Variable Aware Cache
Efficient General Policy Decision by Using Mutable Variable Aware Cache Liangxing Liu, Weili Han, Elisa Bertino, Tao Zhou, and Xinyi Zhang Software School, Fudan University, Shanghai, China Key Lab of
More informationFactors Affecting Performance of Web Flows in Cellular Networks
in Cellular Networks Ermias A. Walelgne, Kim Setälä, Vaibhav Bajpai, Stefan Neumeier, Jukka Manner, Jörg Ott May 15, 2018 - FP Networking, Zurich ntroduction ntroduction ntroduction Motivation 99% of the
More informationEvaluation of Performance of Cooperative Web Caching with Web Polygraph
Evaluation of Performance of Cooperative Web Caching with Web Polygraph Ping Du Jaspal Subhlok Department of Computer Science University of Houston Houston, TX 77204 {pdu, jaspal}@uh.edu Abstract This
More informationA Context-sensitive Access Control Model and Prototype Implementation
A Context-sensitive Access Control Model and Prototype Implementation Damian G. Cholewka 1, Reinhardt A. Botha 2, Jan H.P. Eloff 1 1 Rand Afrikaans University, Johannesburg, South Africa 2 Port Elizabeth
More informationTech Note 715 Resolving Issues with DAServer Diagnostic Node on the Windows 2008 Operating System
Tech Note 715 Resolving Issues with DAServer Diagnostic Node on the Windows 2008 Operating System All Tech Notes, Tech Alerts and KBCD documents and software are provided "as is" without warranty of any
More informationActian PSQL Vx Server Licensing
Actian PSQL Vx Server Licensing Overview The Actian PSQL Vx Server edition is designed for highly virtualized environments with support for enterprise hypervisor features including live application migration
More informationOASIS: Architecture, Model and Management of Policy
OASIS: Architecture, Model and Management of Policy Ken Moody Computer Laboratory, University of Cambridge 1 Overview OASIS : Architecture, Model and Policy 1. background to the research people, projects
More informationService-Centric Networking for the Developing World
GAIA workshop Service-Centric Networking for the Developing World Arjuna Sathiaseelan, Liang Wang, Andrius Aucinas, Gareth Tyson*, Jon Crowcroft N4D Lab liang.wang@cl.cam.ac.uk Cambridge University, UK
More informationMigration Based Page Caching Algorithm for a Hybrid Main Memory of DRAM and PRAM
Migration Based Page Caching Algorithm for a Hybrid Main Memory of DRAM and PRAM Hyunchul Seok Daejeon, Korea hcseok@core.kaist.ac.kr Youngwoo Park Daejeon, Korea ywpark@core.kaist.ac.kr Kyu Ho Park Deajeon,
More informationDual-Core Execution: Building A Highly Scalable Single-Thread Instruction Window
Dual-Core Execution: Building A Highly Scalable Single-Thread Instruction Window Huiyang Zhou School of Computer Science University of Central Florida New Challenges in Billion-Transistor Processor Era
More informationEnterprise Workflow Resource Management
Enterprise Workflow Resource Management Weimin Du and Ming-Chien Shan Hewlett-Packard Laboratories 1501 Page Mill Road, Palo Alto, CA 94304 1 Abstract Resource management is a key issue in providing resource
More informationAttribute-Based Access and Communication Control Models for Cloud and Cloud-Enabled Internet of Things
Attribute-Based Access and Communication Control Models for Cloud and Cloud-Enabled Internet of Things Ph.D. Dissertation Defense: Smriti Bhatt Institute for Cyber Security (ICS) Department of Computer
More informationInter-ReBAC: Inter-operation of Relationship-based Access Control Model Instances
Inter-ReBAC: Inter-operation of Relationship-based Access Control Model Instances Jason Crampton and James Sellwood Royal Holloway University of London, Egham, United Kingdom. jason.crampton@rhul.ac.uk,
More informationConcepts of Usability. Usability Testing. Usability concept ISO/IS What is context? What is context? What is usability? How to measure it?
Concepts of Usability Usability Testing What is usability? How to measure it? Fang Chen ISO/IS 9241 Usability concept The extent to which a product can be used by specified users to achieve specified goals
More informationBrian F. Cooper. Distributed systems, digital libraries, and database systems
Brian F. Cooper Home Office Internet 2240 Homestead Ct. #206 Stanford University cooperb@stanford.edu Los Altos, CA 94024 Gates 424 http://www.stanford.edu/~cooperb/app/ (408) 730-5543 Stanford, CA 94305
More informationGroup-Based Management of Distributed File Caches
Group-Based Management of Distributed File Caches Darrell D. E. Long Ahmed Amer Storage Systems Research Center Jack Baskin School of Engineering University of California, Santa Cruz Randal Burns Hopkins
More informationData Mining with Oracle 10g using Clustering and Classification Algorithms Nhamo Mdzingwa September 25, 2005
Data Mining with Oracle 10g using Clustering and Classification Algorithms Nhamo Mdzingwa September 25, 2005 Abstract Deciding on which algorithm to use, in terms of which is the most effective and accurate
More informationextensible Access Control Language (XACML)
extensible Access Control Language (XACML) Fatih Turkmen fturkmen(at)disi.unitn.it fturkmen(at)mit.edu Visiting PhD Student, CSAIL, MIT DISI, University of Trento Outline extensible Access Control Markup
More informationA Remote Hot Standby System of Oracle
2012 International Conference on Image, Vision and Computing (ICIVC 2012) IPCSIT vol. 50 (2012) (2012) IACSIT Press, Singapore DOI: 10.7763/IPCSIT.2012.V50.51 A Remote Hot Standby System of Oracle Qiu
More informationExploiting Hidden Layer Modular Redundancy for Fault-Tolerance in Neural Network Accelerators
Exploiting Hidden Layer Modular Redundancy for Fault-Tolerance in Neural Network Accelerators Schuyler Eldridge Ajay Joshi Department of Electrical and Computer Engineering, Boston University schuye@bu.edu
More informationRapid Bottleneck Identification A Better Way to do Load Testing. An Oracle White Paper June 2008
Rapid Bottleneck Identification A Better Way to do Load Testing An Oracle White Paper June 2008 Rapid Bottleneck Identification A Better Way to do Load Testing. RBI combines a comprehensive understanding
More informationEngineering Fault-Tolerant TCP/IP servers using FT-TCP. Dmitrii Zagorodnov University of California San Diego
Engineering Fault-Tolerant TCP/IP servers using FT-TCP Dmitrii Zagorodnov University of California San Diego Motivation Reliable network services are desirable but costly! Extra and/or specialized hardware
More informationFinding Resilience-Friendly Compiler Optimizations using Meta-Heuristic Search
Finding Resilience-Friendly Compiler Optimizations using Meta-Heuristic Search Techniques Nithya Narayanamurthy Karthik Pattabiraman Matei Ripeanu University of British Columbia (UBC) 1 Motivation: Hardware
More informationEarly Measurements of a Cluster-based Architecture for P2P Systems
Early Measurements of a Cluster-based Architecture for P2P Systems Balachander Krishnamurthy, Jia Wang, Yinglian Xie I. INTRODUCTION Peer-to-peer applications such as Napster [4], Freenet [1], and Gnutella
More informationImplementation and Performance Evaluation of RAPID-Cache under Linux
Implementation and Performance Evaluation of RAPID-Cache under Linux Ming Zhang, Xubin He, and Qing Yang Department of Electrical and Computer Engineering, University of Rhode Island, Kingston, RI 2881
More informationFault Class Prioritization in Boolean Expressions
Fault Class Prioritization in Boolean Expressions Ziyuan Wang 1,2 Zhenyu Chen 1 Tsong-Yueh Chen 3 Baowen Xu 1,2 1 State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093,
More informationMultimedia Streaming. Mike Zink
Multimedia Streaming Mike Zink Technical Challenges Servers (and proxy caches) storage continuous media streams, e.g.: 4000 movies * 90 minutes * 10 Mbps (DVD) = 27.0 TB 15 Mbps = 40.5 TB 36 Mbps (BluRay)=
More informationADAPTIVE AND DYNAMIC LOAD BALANCING METHODOLOGIES FOR DISTRIBUTED ENVIRONMENT
ADAPTIVE AND DYNAMIC LOAD BALANCING METHODOLOGIES FOR DISTRIBUTED ENVIRONMENT PhD Summary DOCTORATE OF PHILOSOPHY IN COMPUTER SCIENCE & ENGINEERING By Sandip Kumar Goyal (09-PhD-052) Under the Supervision
More informationApplying Mobile Agent for Internet-based Distributed Speech Recognition
ICCAS2005 June 2-5, KINTEX, Gyeonggi-Do, Korea Applying Mobile Agent for Internet-based Distributed Speech Recognition Emrul Hamide Md Saaim, Mohamad Ashari Alias, Abdul Manan Ahmad, Jamal Nasir Ahmad
More informationPrivacy Policy Languages:
Privacy Policy Languages: XACML vs EPAL 5 th Annual Privacy & Security Workshop 29 October 2004 Anne Anderson Staff Engineer Sun Microsystems Labs Burlington, MA, USA Anne.Anderson@sun.com Copyright 2004
More informationWhy do Internet services fail, and what can be done about it?
Why do Internet services fail, and what can be done about it? David Oppenheimer, Archana Ganapathi, and David Patterson Computer Science Division University of California at Berkeley 4 th USENIX Symposium
More informationAn Efficient Web Cache Replacement Policy
In the Proc. of the 9th Intl. Symp. on High Performance Computing (HiPC-3), Hyderabad, India, Dec. 23. An Efficient Web Cache Replacement Policy A. Radhika Sarma and R. Govindarajan Supercomputer Education
More informationPowerVault MD3 SSD Cache Overview
PowerVault MD3 SSD Cache Overview A Dell Technical White Paper Dell Storage Engineering October 2015 A Dell Technical White Paper TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS
More informationAn Efficient Indirect Branch Predictor
An Efficient Indirect ranch Predictor Yul Chu and M. R. Ito 2 Electrical and Computer Engineering Department, Mississippi State University, ox 957, Mississippi State, MS 39762, USA chu@ece.msstate.edu
More informationCFLRU:A A Replacement Algorithm for Flash Memory
CFLRU:A A Replacement Algorithm for Flash Memory CASES'06, October 23 25, 2006, Seoul, Korea. Copyright 2006 ACM 1-59593-543-6/06/0010 Yen-Ting Liu Outline Introduction CFLRU Algorithm Simulation Implementation
More informationPervasive PSQL Vx Server Licensing
Pervasive PSQL Vx Server Licensing Overview The Pervasive PSQL Vx Server edition is designed for highly virtualized environments with support for enterprise hypervisor features including live application
More informationEvolution of Computers & Microprocessors. Dr. Cahit Karakuş
Evolution of Computers & Microprocessors Dr. Cahit Karakuş Evolution of Computers First generation (1939-1954) - vacuum tube IBM 650, 1954 Evolution of Computers Second generation (1954-1959) - transistor
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationTrade-Offs in Cryptographic Schemes for
in Cryptographic Jason Crampton Information Security Group Royal Holloway, University of London NordSec 2009 Cryptographic Cryptography for Suppose we have a poset of security labels (L, ) Each x L is
More informationNovell Internet Security Management with BorderManager 3.5: Enterprise Edition.
Novell 050-650 Internet Security Management with BorderManager 3.5: Enterprise Edition http://killexams.com/exam-detail/050-650 QUESTION: 165 When using NAT, which ICMP packet types are prevented from
More informationLLFI: An Intermediate Code-Level Fault Injection Tool for Hardware Faults
LLFI: An Intermediate Code-Level Fault Injection Tool for Hardware Faults Qining Lu, Mostafa Farahani, Jiesheng Wei, Anna Thomas, and Karthik Pattabiraman Department of Electrical and Computer Engineering,
More informationArcGIS Enterprise: Performance and Scalability Best Practices. Darren Baird, PE, Esri
ArcGIS Enterprise: Performance and Scalability Best Practices Darren Baird, PE, Esri dbaird@esri.com What is ArcGIS Enterprise What s Included with ArcGIS Enterprise ArcGIS Server the core web services
More informationHarnessing Byzantine Fault Tolerance Using Classical Theory. Dr. Thaddeus Westerson
Harnessing Byzantine Fault Tolerance Using Classical Theory Dr. Thaddeus Westerson 1 Motivation The popularity of game-theoretic technology among end-users is decreasing Theory must be made scalable, distributed,
More informationPerformance and Scalability
Measuring Critical Manufacturing cmnavigo: Affordable MES Performance and Scalability for Time-Critical Industry Environments Critical Manufacturing, 2015 Summary Proving Performance and Scalability Time-Critical
More informationLecture 9 - Virtual Memory
CS 152 Computer Architecture and Engineering Lecture 9 - Virtual Memory Dr. George Michelogiannakis EECS, University of California at Berkeley CRD, Lawrence Berkeley National Laboratory http://inst.eecs.berkeley.edu/~cs152
More informationA Framework for Peer-To-Peer Lookup Services based on k-ary search
A Framework for Peer-To-Peer Lookup Services based on k-ary search Sameh El-Ansary Swedish Institute of Computer Science Kista, Sweden Luc Onana Alima Department of Microelectronics and Information Technology
More informationCapturing User Friendship in WLAN Traces
Capturing User Friendship in WLAN Traces Wei-jen Hsu and Ahmed Helmy Department of Electrical Engineering University of Southern California {weijenhs, helmy}@usc.edu http://nile.usc.edu/mobilib/ Motivation
More informationMemory Performance Characterization of SPEC CPU2006 Benchmarks Using TSIM1
Available online at www.sciencedirect.com Physics Procedia 33 (2012 ) 1029 1035 2012 International Conference on Medical Physics and Biomedical Engineering Memory Performance Characterization of SPEC CPU2006
More informationCHAPTER 4 OPTIMIZATION OF WEB CACHING PERFORMANCE BY CLUSTERING-BASED PRE-FETCHING TECHNIQUE USING MODIFIED ART1 (MART1)
71 CHAPTER 4 OPTIMIZATION OF WEB CACHING PERFORMANCE BY CLUSTERING-BASED PRE-FETCHING TECHNIQUE USING MODIFIED ART1 (MART1) 4.1 INTRODUCTION One of the prime research objectives of this thesis is to optimize
More informationAdministrative Scope and Role Hierarchy Operations
Administrative Scope and Role Hierarchy Operations Jason Crampton & George Loizou School of Computer Science & Information Systems Birkbeck, University of London Administration in Access Control Any practical
More informationAn Autonomous Dynamically Adaptive Memory Hierarchy for Chip Multiprocessors
ACM IEEE 37 th International Symposium on Computer Architecture Elastic Cooperative Caching: An Autonomous Dynamically Adaptive Memory Hierarchy for Chip Multiprocessors Enric Herrero¹, José González²,
More informationAn Auto-Delegation Mechanism for Access Control Systems
An Auto-Delegation Mechanism for Access Control Systems Jason Crampton and Charles Morisset Information Security Group, Royal Holloway, University of London, Egham, Surrey TW20 0EX, U.K. e-mail: firstname.lastname@rhul.ac.uk
More informationVisualization of Node Interaction Dynamics in Network Traces
Visualization of Node Interaction Dynamics in Network Traces Jürgen Schönwälder AIMS 2009, Enschede, 2009-07-01 Co-authors: Petar Dobrev, Sorin Stancu-Mara Support: EU IST-EMANICS Network of Excellence
More informationImproving the Performances of Proxy Cache Replacement Policies by Considering Infrequent Objects
Improving the Performances of Proxy Cache Replacement Policies by Considering Infrequent Objects Hon Wai Leong Department of Computer Science National University of Singapore 3 Science Drive 2, Singapore
More informationSubway : Peer-To-Peer Clustering of Clients for Web Proxy
Subway : Peer-To-Peer Clustering of Clients for Web Proxy Kyungbaek Kim and Daeyeon Park Department of Electrical Engineering & Computer Science, Division of Electrical Engineering, Korea Advanced Institute
More informationTopics in P2P Networked Systems
600.413 Topics in P2P Networked Systems Week 4 Measurements Andreas Terzis Slides from Stefan Saroiu Content Delivery is Changing Thirst for data continues to increase (more data & users) New types of
More informationTime-constraint Access Control in Pervasive Computing Environments
Time-constraint Access Control in Pervasive Computing Environments Jun-qing Li lijunqing@lcu.edu.cn Quan-ke Pan panquanke@lcu.edu.cn Sheng-xian Xie xsx@lcu.edu.cn Yu-ting Wang wangyuting@lcu.edu.cn ABSTRACT
More informationDistributed Meta-data Servers: Architecture and Design. Sarah Sharafkandi David H.C. Du DISC
Distributed Meta-data Servers: Architecture and Design Sarah Sharafkandi David H.C. Du DISC 5/22/07 1 Outline Meta-Data Server (MDS) functions Why a distributed and global Architecture? Problem description
More informationDemand fetching is commonly employed to bring the data
Proceedings of 2nd Annual Conference on Theoretical and Applied Computer Science, November 2010, Stillwater, OK 14 Markov Prediction Scheme for Cache Prefetching Pranav Pathak, Mehedi Sarwar, Sohum Sohoni
More informationThreshold-Based Markov Prefetchers
Threshold-Based Markov Prefetchers Carlos Marchani Tamer Mohamed Lerzan Celikkanat George AbiNader Rice University, Department of Electrical and Computer Engineering ELEC 525, Spring 26 Abstract In this
More informationImproving object cache performance through selective placement
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2006 Improving object cache performance through selective placement Saied
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationTrueSight 10 Architecture & Scalability Q&A Best Practice Webinar 8/18/2015
Q: Where can I find the TrueSight Operations Management Best Practice material? A: TrueSight OM Best Practice material is published on the BMC Communities web site at the following link. https://communities.bmc.com/docs/doc-37443
More informationConfiguration of Windows 2000 operational consoles and accounts for the CERN accelerator control rooms
EUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH CERN AB DIVISION CERN-AB-2003-105 (CO) Configuration of Windows 2000 operational consoles and accounts for the CERN accelerator control rooms M. Albert, G. Crockford,
More informationAdvanced Peer to Peer Discovery and Interaction Framework
Advanced Peer to Peer Discovery and Interaction Framework Peeyush Tugnawat J.D. Edwards and Company One, Technology Way, Denver, CO 80237 peeyush_tugnawat@jdedwards.com Mohamed E. Fayad Computer Engineering
More informationSeparating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems Robert Grimm University of Washington Extensions Added to running system Interact through low-latency interfaces Form
More informationAdaptive Cluster Computing using JavaSpaces
Adaptive Cluster Computing using JavaSpaces Jyoti Batheja and Manish Parashar The Applied Software Systems Lab. ECE Department, Rutgers University Outline Background Introduction Related Work Summary of
More informationI/O Commercial Workloads. Scalable Disk Arrays. Scalable ICDA Performance. Outline of This Talk: Related Work on Disk Arrays.
Scalable Disk Arrays I/O Commercial Workloads David Kaeli Northeastern University Computer Architecture Research Laboratory Boston, MA Manpreet Singh William Zahavi EMC Corporation Hopkington, MA Industry
More informationA General Sign Bit Error Correction Scheme for Approximate Adders
A General Sign Bit Error Correction Scheme for Approximate Adders Rui Zhou and Weikang Qian University of Michigan-Shanghai Jiao Tong University Joint Institute Shanghai Jiao Tong University, Shanghai,
More informationRelative Reduced Hops
GreedyDual-Size: A Cost-Aware WWW Proxy Caching Algorithm Pei Cao Sandy Irani y 1 Introduction As the World Wide Web has grown in popularity in recent years, the percentage of network trac due to HTTP
More informationMEMORY HIERARCHY BASICS. B649 Parallel Architectures and Programming
MEMORY HIERARCHY BASICS B649 Parallel Architectures and Programming BASICS Why Do We Need Caches? 3 Overview 4 Terminology cache virtual memory memory stall cycles direct mapped valid bit block address
More informationCA SSO Cloud-Enabled with SSO/Rest
CA SSO Cloud-Enabled with SSO/Rest SSO/Rest Solves Many Challenges Applications in the Cloud AJAX / Mobile / Thick Client Application Integration "Agent-less" Infrastructure Server-side Application Integration
More informationOptimizing the use of the Hard Disk in MapReduce Frameworks for Multi-core Architectures*
Optimizing the use of the Hard Disk in MapReduce Frameworks for Multi-core Architectures* Tharso Ferreira 1, Antonio Espinosa 1, Juan Carlos Moure 2 and Porfidio Hernández 2 Computer Architecture and Operating
More informationCONTENT DISTRIBUTION. Oliver Michel University of Illinois at Urbana-Champaign. October 25th, 2011
CONTENT DISTRIBUTION Oliver Michel University of Illinois at Urbana-Champaign October 25th, 2011 OVERVIEW 1. Why use advanced techniques for content distribution on the internet? 2. CoralCDN 3. Identifying
More informationThe 7 deadly sins of cloud computing [2] Cloud-scale resource management [1]
The 7 deadly sins of [2] Cloud-scale resource management [1] University of California, Santa Cruz May 20, 2013 1 / 14 Deadly sins of of sin (n.) - common simplification or shortcut employed by ers; may
More informationOn the Scalability and Effectiveness of a Cache Pollution based DoS Attack in Information Centric Networks
On the Scalability and Effectiveness of a Cache Pollution based DoS Attack in Information Centric Networks Jeffery Gouge School of Computing University of North Florida Jacksonville, FL Anand Seetharam
More informationMeasuring zseries System Performance. Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012
Measuring zseries System Performance Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012 Outline Computer System Performance Performance Factors and Measurements zseries
More informationECE 30 Introduction to Computer Engineering
ECE 0 Introduction to Computer Engineering Study Problems, Set #9 Spring 01 1. Given the following series of address references given as word addresses:,,, 1, 1, 1,, 8, 19,,,,, 7,, and. Assuming a direct-mapped
More informationTowards Energy Proportionality for Large-Scale Latency-Critical Workloads
Towards Energy Proportionality for Large-Scale Latency-Critical Workloads David Lo *, Liqun Cheng *, Rama Govindaraju *, Luiz André Barroso *, Christos Kozyrakis Stanford University * Google Inc. 2012
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationUnderstanding The Effects of Wrong-path Memory References on Processor Performance
Understanding The Effects of Wrong-path Memory References on Processor Performance Onur Mutlu Hyesoon Kim David N. Armstrong Yale N. Patt The University of Texas at Austin 2 Motivation Processors spend
More informationDesign and Evaluation of I/O Strategies for Parallel Pipelined STAP Applications
Design and Evaluation of I/O Strategies for Parallel Pipelined STAP Applications Wei-keng Liao Alok Choudhary ECE Department Northwestern University Evanston, IL Donald Weiner Pramod Varshney EECS Department
More information