BEGIN:VCALENDAR
VERSION:2.0
PRODID:IEEE vTools.Events//EN
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
DTSTART:20250309T030000
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20251102T010000
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20250527T151412Z
UID:37836A85-443C-4045-A01E-41763468F320
DTSTART;TZID=America/New_York:20250602T183000
DTEND;TZID=America/New_York:20250602T200000
DESCRIPTION:A policy comprised of a set of rules forms the backbone of Attr
 ibute-based Access Control (ABAC) systems. Every incoming request is check
 ed against such a policy and if at least one rule grants the access\, it i
 s allowed. Else\, access is denied. The initial ABAC policy could be hand 
 crafted by the security administrator or mined from a given set of authori
 zations using a policy engineering technique. In dynamic ABAC systems\, ov
 er a period of time additional authorizations may have to be granted or so
 me removed as per situational changes. These changes are maintained in an 
 auxiliary list. For access resolution\, both the policy as well as the aux
 iliary list are considered before taking a decision. Since such a list can
  grow indefinitely and checking it adversely affects access resolution eff
 iciency\, periodic policy rebuilding must be done by combining the existin
 g policy and the auxiliary list. However\, regenerating the ABAC policy re
 quires re-running computationally expensive policy mining algorithms. Furt
 her\, access mediation has to be put on hold while this step is being carr
 ied out\, resulting in periods of unavailability of the system. In this wo
 rk\, we study the intricate problem of balancing access request resolution
 \, accommodating dynamic authorization updates\, and ABAC policy rebuildin
 g. We employ a queuing theoretic approach where the access mediation proce
 ss is modeled as an M/G/1 queue with vacation or limited service. While th
 e server is primarily involved in resolving access requests\, it occasiona
 lly goes on vacation to rebuild the ABAC policy. We study the effect of qu
 eue discipline on several performance parameters like request arrival rate
 \, access resolution time\, vacation duration and interval between vacatio
 ns. Results of an extensive set of experiments provide a direction towards
  efficient implementation of dynamic ABAC systems.\n\nSpeaker(s): \,  Sura
 l\n\nRoom: Room 305\, Bldg: Information Science Building\, 135 N Bellefiel
 d Ave\, Pittsburgh\, Pennsylvania\, United States\, 15260
LOCATION:Room: Room 305\, Bldg: Information Science Building\, 135 N Bellef
 ield Ave\, Pittsburgh\, Pennsylvania\, United States\, 15260
ORGANIZER:bpalan@pitt.edu
SEQUENCE:25
SUMMARY:Performance Analysis of Dynamic Attribute-based Access Control Syst
 ems using a Queuing Theoretic Framework
URL;VALUE=URI:https://events.vtools.ieee.org/m/486883
X-ALT-DESC:Description: &lt;br /&gt;&lt;p class=&quot;MsoNormal&quot; style=&quot;text-align: justi
 fy\;&quot;&gt;&lt;span style=&quot;mso-bidi-font-size: 12.0pt\; color: #212121\;&quot;&gt; A polic
 y comprised of a set of rules forms the backbone of Attribute-based Access
  Control (ABAC) systems. Every incoming request is checked against such a 
 policy and if at least one rule grants the access\, it is allowed. Else\, 
 access is denied. The initial ABAC policy could be hand crafted by the sec
 urity administrator or mined from a given set of authorizations using a po
 licy engineering technique. In dynamic ABAC systems\, over a period of tim
 e additional authorizations may have to be granted or some removed as per 
 situational changes. These changes are maintained in an auxiliary list. Fo
 r access resolution\, both the policy as well as the auxiliary list are co
 nsidered before taking a decision. Since such a list can grow indefinitely
  and checking it adversely affects access resolution efficiency\, periodic
  policy rebuilding must be done by combining the existing policy and the a
 uxiliary list. However\, regenerating the ABAC policy requires re-running 
 computationally expensive policy mining algorithms. Further\, access media
 tion has to be put on hold while this step is being carried out\, resultin
 g in periods of unavailability of the system. In this work\, we study the 
 intricate problem of balancing access request resolution\, accommodating d
 ynamic authorization updates\, and ABAC policy rebuilding. We employ a que
 uing theoretic approach where the access mediation process is modeled as a
 n M/G/1 queue with vacation or limited service. While the server is primar
 ily involved in resolving access requests\, it occasionally goes on vacati
 on to rebuild the ABAC policy. We study the effect of queue discipline on 
 several performance parameters like request arrival rate\, access resoluti
 on time\, vacation duration and interval between vacations. Results of an 
 extensive set of experiments provide a direction towards efficient impleme
 ntation of dynamic ABAC systems.&lt;/span&gt;&lt;/p&gt;\n&lt;p class=&quot;MsoNormal&quot; style=&quot;t
 ext-align: justify\;&quot;&gt;&lt;span style=&quot;mso-bidi-font-size: 12.0pt\; color: #21
 2121\;&quot;&gt;&amp;nbsp\;&lt;/span&gt;&lt;/p&gt;
END:VEVENT
END:VCALENDAR