Speculative authorization and its sibling ideas

SPAN architecture

Performance overhead due to the authorization delays can be reduced if the access control decisions are pre-computed beforehand and placed into the cache of the policy enforcement point (PEP). LERSSE alumni Pranab Kini has explored the design space for speculative authorizations. A journal version of his thesis has been recently published IEEE Transactions on Parallel and Distributed Systems.

This was instantiation of the third idea, which I have originally described in an NSPW paper on Flooding and Recycling Authorizations. The other two ideas were on Secondary and Approximate Authorization Model (for SAAM for Bell-LaPadula and SAAM for RBAC) and the use of publish-subscribe technologies for delivering both authorization requests and decisions.

Comments are closed.