Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies

Abstract : Separation of access control logic from other components of applications facilitates uniform enforcement of policies across applications in enterprise systems. This approach is popular in attribute-based access control (ABAC) systems and is embodied in the XACML standard. For this approach to be practical in an enterprise system, the access control decision engine must be scalable, able to quickly respond to access control requests from many concurrently running applications. This is especially challenging for stateful (also called history-based) access control policies, in which access control requests may trigger state updates. This paper presents an policy evaluation algorithm for stateful ABAC policies that achieves high throughput by distributed processing, using a specialized multi-version concurrency control scheme to deal with possibly conflicting concurrent updates. The algorithm is especially designed to achieve low latency, by minimizing the number of messages on the critical path of each access control decision.
Document type :
Conference papers
Complete list of metadata

Cited literature [20 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, January 15, 2018 - 2:07:18 PM
Last modification on : Wednesday, November 3, 2021 - 6:22:46 AM
Long-term archiving on: : Monday, May 7, 2018 - 7:30:12 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Thang Bui, Scott D. Stoller, Shikhar Sharma. Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.101-119, ⟨10.1007/978-3-319-61176-1_6⟩. ⟨hal-01684356⟩



Record views


Files downloads