Abstract
Though traditional authorization models can ensure the security of equipment, they don’t offer promise both for good quality of service and for strong system robustness. Therefore, this paper presents a semi-distributed authorization model which splits the single decision point into two roles: core-authorization decision point and sub-authorization decision point. In this model, several decision points can provide authorization service for one and the same equipment. The experimental results prove that this model can effectively reduce authorization service time and has some marked advantages on system robustness.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Liu, A.X., Chen, F., Hwang, J.H., et al.: Designing fast and scalable xacml policy evaluation engines. IEEE Trans. Comput. 60(12), 1802–1817 (2011)
Marouf, S., Shehab, M., Squicciarini, A., et al.: Adaptive reordering and clustering-based framework for efficient XACML policy evaluation. IEEE Trans. Serv. Comput. 4(4), 300–313 (2011)
Kohler, M, Brucker, A.D.: Access control caching strategies: an empirical evaluation. In: Proceedings of the 6th International Workshop on Security Measurements and Metrics, p. 8. ACM (2010)
Hilliker, J.: Speculative authorization. In: Second EECE 512 Mini-Conference on Computer Security, p. 9 (2007)
Oliveira, L.M.L., Rodrigues, J.J.P.C., Neto, C., et al.: Network admission control solution for 6LoWPAN networks. In: 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 472–477. IEEE (2013)
Arkko, J., Eronen, P., Tschofenig, H., et al.: Quick NAP-secure and efficient network access protocol. In: Proceedings of 6th International Workshop on Applications and Services in Wireless Networks (ASWN 2006), pp. 163–170 (2006)
La Padula, L.J.: Formal modeling in a generalized framework for access control. In: Proceedings of Computer Security Foundations Workshop III, pp. 100–109. IEEE (1990)
Yuyang, Z., Linxian, Z.: The feasibility of endpoint admission defense in the reconstruction of network security. J. Lishui Univ. 2, 018 (2007)
Huangguo, Z., Lu, C., Liqiang, L.: Research on trusted network connection. Chin. J. Comput. 33(1), 706–717 (2010)
CERNET topology: http://www.edu.cn/20010101/21585.shtml
Acknowledgement
This work is supported by Specialized Research Fund for the Doctoral Program of Higher Education of China (20114307110006) “Research on Technology of Network Quality of Service based on Network Virtualization”.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Gao, X., Zhang, X., Wang, B., Shi, H. (2015). An Improved Authorization Model in Trust Network. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-23802-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23801-2
Online ISBN: 978-3-319-23802-9
eBook Packages: Computer ScienceComputer Science (R0)