{"title":"An Access Control Implementation Targeting Resource-constrained Environments","authors":"Fan Zhang, B. Butler, B. Jennings","doi":"10.23919/CNSM46954.2019.9012689","DOIUrl":null,"url":null,"abstract":"As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers and so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP) called Luas (means “speed” in the Irish language) based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.","PeriodicalId":273818,"journal":{"name":"2019 15th International Conference on Network and Service Management (CNSM)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 15th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CNSM46954.2019.9012689","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers and so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP) called Luas (means “speed” in the Irish language) based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.