TY - GEN
T1 - An Access Control Implementation Targeting Resource-constrained Environments
AU - Zhang, Fan
AU - Butler, Bernard
AU - Jennings, Brendan
N1 - Funding Information:
This work has emanated from research conducted with the financial support of Science Foundation Ireland (SFI) and is co-funded under the liuropean Regional Development Fund under Grant Number 13/RC/2077.
Publisher Copyright:
© 2019 IFIP.
PY - 2019/10
Y1 - 2019/10
N2 - As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers and so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP) called Luas (means "speed" in the Irish language) based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.
AB - As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers and so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP) called Luas (means "speed" in the Irish language) based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.
UR - http://www.scopus.com/inward/record.url?scp=85081980970&partnerID=8YFLogxK
U2 - 10.23919/CNSM46954.2019.9012689
DO - 10.23919/CNSM46954.2019.9012689
M3 - Conference contribution
AN - SCOPUS:85081980970
T3 - 15th International Conference on Network and Service Management, CNSM 2019
BT - 15th International Conference on Network and Service Management, CNSM 2019
A2 - Lutfiyya, Hanan
A2 - Diao, Yixin
A2 - Zincir-Heywood, Nur
A2 - Badonnel, Remi
A2 - Madeira, Edmundo
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 15th International Conference on Network and Service Management, CNSM 2019
Y2 - 21 October 2019 through 25 October 2019
ER -