Presentation is loading. Please wait.

Presentation is loading. Please wait.

ACM CCS 2005 CPOL: High-Performance Policy Evaluation Kevin Borders Xin Zhao Atul Prakash University of Michigan.

Published byWilfrid Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "ACM CCS 2005 CPOL: High-Performance Policy Evaluation Kevin Borders Xin Zhao Atul Prakash University of Michigan."— Presentation transcript:

1 ACM CCS 2005 CPOL: High-Performance Policy Evaluation Kevin Borders Xin Zhao Atul Prakash University of Michigan

2 ACM CCS 2005 Overview Motivation: Why High-Performance? Current Solutions CPOL Design Evaluation of CPOL vs. Other Solutions Conclusion and Future Work

3 ACM CCS 2005 Motivation: Why High-Performance? Applications are emerging that require high-throughput policy evaluation –Example: Enforcing privacy policies for location-aware services Large number of subscribers Alice may want to give Bob access to her location only Monday through Friday 9 AM – 5 PM when she is in the computer science building –Example: Text messaging Control who can send you information depending on the time and your location

4 ACM CCS 2005 Current Policy Evaluation Solutions KeyNote Trust Management System –Delegation chains are used to grant trust –Not designed with performance in mind – very slow SQL Database –More scalable than KeyNote, but throughput is still not good enough – approx. 2000 queries/second

5 ACM CCS 2005 CPOL Design Goals Have expressiveness comparable to KeyNote –Express almost everything KeyNote can and some things that KeyNote cannot Be able to handle a large volume of requests a single machine –Hundreds of thousands of requests/second

6 ACM CCS 2005 CPOL Policies CPOL Policy Fields Owner: The owner is the entitywhose resources are controlled by this rule. Licensee(s): The licensee is the entity or group that will receive privileges. Access token: The access token contains information about the rights assigned by this rule. Condition: CPOL verifies that the condition is true before granting the access token to the licensee(s). Sample Policy Owner: Alice Licensee: Bob AccessToken { LocationResolution = RoomLevel IdentityResolution = Name DelegationPrivileges = None } Condition { AfterTime = 9 AM BeforeTime = 5 PM InBuilding = {Library, CS} NotInRoom = {ConferenceRoom 1010 CS} }

7 ACM CCS 2005 CPOL Design Overview CPOL takes advantage of the trend that the domain of policies for a particular application is usually fairly small –Instead of presenting a highly expressive interface at runtime, restrict the domain of policies at compile-time Define access token and condition objects CPOL also exploits caching to improve performance

8 ACM CCS 2005 Defining CPOL for an Application Access Token –Define data members –Define Boolean AddAccess(newToken) – does this token have sufficient delegation privileges to add a new rule with newToken? Condition –Define data members –Define Boolean Test(state) – is the condition true given an input state?

9 ACM CCS 2005 Caching Correct invalidation is done using cache conditions –Cache Condition = Sum(Conditions) –Cache Condition is more compact than condition Example: Calculate time-to-live and highest resolution of location conditions –Invalidated when Boolean StillGood(oldState, newState) is false

10 ACM CCS 2005 Testing Methodology CPOL, KeyNote, and a MySQL database were all set up to evaluate privacy policies Three experiments –Single request processing time (CPOL, KeyNote, MySQL) –Memory consumption (CPOL) –Simulated privacy request workload in a university environment (CPOL, MySQL)

11 ACM CCS 2005 Single Request Processing Time CPOL and MySQL have O(1) processing time with respect to number of policies KeyNote takes much longer to evaluate one policy with more policies in the system

12 ACM CCS 2005 Memory Usage Important because CPOL is in memory system Memory usage is per user, role, role membership, policy (rule), and cache entry CPOL can store information for approximately 500,000 users with a 2,000,000 entry cache in 500 MB of memory

13 ACM CCS 2005 Simulated Privacy Workload Movement data was generated using custom schedule-based generator for different numbers of users Users’ privacy policies were created using information collected by surveying 30 potential users Varying update frequency from one to thirty seconds

14 ACM CCS 2005 Future Work Distribute CPOL over multiple servers to further enhance scalability –Minimize state replication between servers Deploy CPOL in a real location-aware environment –New computer science building at University of Michigan will use CPOL for privacy policy enforcement Use CPOL in other application domains such as mobile messaging

15 ACM CCS 2005 Conclusion Applications are emerging that require high- performance policy evaluation Current solutions (KeyNote and database server) are not efficient enough to handle a large workload CPOL takes advantage of caching and compiled object attributes to deliver better performance With 500 users and 5000 policies, CPOL is five to six orders of magnitude faster than KeyNote and two to three orders of magnitude faster than a MySQL implementation, depending on cache hit rate

16 ACM CCS 2005 Questions? Please contact me if you wish to obtain source code for CPOL or for the schedule- based movement generator – source code will be available online soon! E-mail: kborders@umich.edukborders@umich.edu

Download ppt "ACM CCS 2005 CPOL: High-Performance Policy Evaluation Kevin Borders Xin Zhao Atul Prakash University of Michigan."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ONE STOP THE TOTAL SERVICE SOLUTION FOR REMOTE DEVICE MANAGMENT.

ONE STOP THE TOTAL SERVICE SOLUTION FOR REMOTE DEVICE MANAGMENT.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.

Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.
Ant Colonies As Logistic Processes Optimizers

Ant Colonies As Logistic Processes Optimizers
Online Magazine Bryan Ng. Goal of the Project Product Dynamic Content Easy Administration Development Layered Architecture Object Oriented Adaptive to.

Online Magazine Bryan Ng. Goal of the Project Product Dynamic Content Easy Administration Development Layered Architecture Object Oriented Adaptive to.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.

Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.
M1G505190 Introduction to Database Development 1. Databases and Database Design.

M1G Introduction to Database Development 1. Databases and Database Design.
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.

PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.
1/25/2000 Active Names: Flexible Location and Transport of Wide-Area Resources Luis Rivera.

1/25/2000 Active Names: Flexible Location and Transport of Wide-Area Resources Luis Rivera.
Security Management.

Security Management.
 MODERN DATABASE MANAGEMENT SYSTEMS OVERVIEW BY ENGINEER BILAL AHMAD

 MODERN DATABASE MANAGEMENT SYSTEMS OVERVIEW BY ENGINEER BILAL AHMAD
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
N-Tier Architecture.

N-Tier Architecture.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Similar presentations

Ads by Google