Performance Analysis of Dynamic Attribute-based Access Control Systems using a Queuing Theoretic Framework : vTools Events

IEEE.org | IEEE Xplore Digital Library | IEEE Standards | IEEE Spectrum | More Sites

Performance Analysis of Dynamic Attribute-based Access Control Systems using a Queuing Theoretic Framework

#performance-analysis #communications

A policy comprised of a set of rules forms the backbone of Attribute-based Access Control (ABAC) systems. Every incoming request is checked against such a policy and if at least one rule grants the access, it is allowed. Else, access is denied. The initial ABAC policy could be hand crafted by the security administrator or mined from a given set of authorizations using a policy engineering technique. In dynamic ABAC systems, over a period of time additional authorizations may have to be granted or some removed as per situational changes. These changes are maintained in an auxiliary list. For access resolution, both the policy as well as the auxiliary list are considered before taking a decision. Since such a list can grow indefinitely and checking it adversely affects access resolution efficiency, periodic policy rebuilding must be done by combining the existing policy and the auxiliary list. However, regenerating the ABAC policy requires re-running computationally expensive policy mining algorithms. Further, access mediation has to be put on hold while this step is being carried out, resulting in periods of unavailability of the system. In this work, we study the intricate problem of balancing access request resolution, accommodating dynamic authorization updates, and ABAC policy rebuilding. We employ a queuing theoretic approach where the access mediation process is modeled as an M/G/1 queue with vacation or limited service. While the server is primarily involved in resolving access requests, it occasionally goes on vacation to rebuild the ABAC policy. We study the effect of queue discipline on several performance parameters like request arrival rate, access resolution time, vacation duration and interval between vacations. Results of an extensive set of experiments provide a direction towards efficient implementation of dynamic ABAC systems.

Date and Time

Location

Hosts

Registration

Date: 02 Jun 2025
Time: 10:30 PM UTC to 12:00 AM UTC
Add Event to Calendar
iCal
Google Calendar

135 N Bellefield Ave
Pittsburgh, Pennsylvania
United States 15260
Building: Information Science Building
Room Number: Room 305

Contact Event Host

Starts 28 May 2025 04:00 AM UTC
Ends 03 June 2025 04:00 AM UTC
No Admission Charge

Speakers

Sural

Topic:

Performance Analysis of Dynamic Attribute-based Access Control Systems using a Queuing Theoretic Framework

Biography:

Shamik Sural is a full professor in the Department of Computer Science and Engineering, Indian Institute of Technology (IIT) Kharagpur. He received his Ph.D. degree from Jadavpur University, Kolkata, India, in the year 2000. Before joining IIT in 2002, Shamik spent more than a decade in the Information Technology industry working in India as well as in Michigan, USA. Shamik was a recipient of the Alexander von Humboldt Fellowship for Experienced Researchers in 2009, which enabled him to carry out research at TU Munich, Germany. He spent the Fall 2019 semester at Rutgers University, USA as a Fulbright scholar. He was also a Visiting Professor there in Fall 2023 and Spring 2024. Shamik is a Senior Member of IEEE and has served as the Chairman of the IEEE Kharagpur Section in 2006. He was on the editorial boards of IEEE Transactions on Dependable & Secure Computing and IEEE Transactions on Services Computing, and is currently on the editorial board of ACM Transactions on Internet Technology. He has published more than two hundred and fifty research papers in reputed international journals and conferences. His research interests include computer security, data mining and multimedia systems. Shamik can be reached at shamik@cse.iitkgp.ac.in.