The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.04 - April (2013 vol.24)
pp: 814-824
P. Kini , Dept. of Electr. & Comput. Eng., Univ. of British Columbia, Vancouver, BC, Canada
K. Beznosov , Dept. of Electr. & Comput. Eng., Univ. of British Columbia, Vancouver, BC, Canada
ABSTRACT
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future, based on its past behavior. SPAN allows authorization decisions for the predicted requests to be made before the requests are issued, thus virtually reducing the authorization latency to zero. We developed SPAN algorithms, implemented a prototype, and evaluated it using two real-world data traces and one synthetic data trace. The results of our evaluation suggest that systems employing SPAN are able to achieve a reduced authorization latency for almost 60 percent of the requests. We analyze the tradeoffs between the hit rate and the precision of SPAN predictions, which directly affect the corresponding computational overhead. We also compare the benefits of deploying both caching and SPAN together, and find that SPAN can effectively improve the performance of those systems which have caches of a smaller size.
INDEX TERMS
performance evaluation, authorisation, business data processing, performance improvement, speculative authorization, prediction technique, authorization latency reduction, enterprise systems, system client, authorization decisions, SPAN algorithms, data traces, SPAN predictions, computational overhead, Authorization, Training, Web pages, Markov processes, Prediction algorithms, Predictive models, Testing, prediction, Access control, machine learning
CITATION
P. Kini, K. Beznosov, "Speculative Authorization", IEEE Transactions on Parallel & Distributed Systems, vol.24, no. 4, pp. 814-824, April 2013, doi:10.1109/TPDS.2012.172
REFERENCES
[1] G. Karjoth, "Access Control with IBM Tivoli Access Manager," ACM Trans. Information and Systems Security, vol. 6, no. 2, pp. 232-257, 2003.
[2] J. Nielsen, Usability Engineering. Morgan Kaufmann Publishers Inc., 1993.
[3] R. Kohavi, R.M. Henne, and D. Sommerfield, "Practical Guide to Controlled Experiments on the Web: Listen to Your Customers Not to the Hippo," Proc. 13th ACM SIGKDD Int'l Conf. Knowledge Discovery and Data Mining (KDD '07), pp. 959-967, 2007.
[4] L. Bauer, M.A. Schneider, and E.W. Felten, "A General and Flexible Access-Control System for the Web," Proc. 11th USENIX Security Symp., pp. 93-108, http://citeseerx.ist.psu.edu/viewdocsummary?doi=10.1.1.1.2230 , Aug. 2002.
[5] J. Bregman, B. Eidelman, and C. Johnson, "Oracle Fusion Middleware Security," http://fusionsecurity.blogspot.com/2009/ 10impact-of-oracle-entitlement-serv er-oes.html, 2009.
[6] M. Awad, L. Khan, and B. Thuraisingham, "Predicting WWW Surfing Using Multiple Evidence Combination," Int'l J. Very Large Data Bases, vol. 13, pp. 401-417, 2008.
[7] M. Deshpande and G. Karypis, "Selective Markov Models for Predicting Web Page Accesses," ACM Trans. Internet Technology, vol. 4, no. 2, pp. 163-184, 2004.
[8] I. Cadez, D. Heckerman, C. Meek, P. Smyth, and S. White, "Model-Based Clustering and Visualization of Navigation Patterns on a Web Site," Data Mining Knowledge Discovery, vol. 7, no. 4, pp. 399-424, 2003.
[9] R. Sen and M. Hansen, "Predicting Web Users' Next Access Based on Log Data," J. Computational and Graphical Statistics, vol. 12, no. 1, pp. 1-13, 2005.
[10] Z. Su, Q. Yang, Y. Lu, and H. Zhang, "Whatnext: A Prediction System for Web Requests Using N-Gram Sequence Models," Proc. First Int'l Conf. Web Information Systems Eng., pp. 214-221, June 19-20, 2000.
[11] G. Bonnin, A. Brun, and A. Boyer, "A Low-Order Markov Model Integrating Long-Distance Histories for Collaborative Recommender Systems," Proc. 13th Int'l Conf. Intelligent User Interfaces (IUI '09), pp. 57-66, Jan. 13-16, 2009.
[12] B. Mobasher, H. Dai, T. Luo, and M. Nakagawa, "Effective Personalization Based on Association Rule Discovery from Web Usage Data," Proc. Third Int'l Workshop Web Information and Data Management (WIDM '01), pp. 9-15, Nov. 9, 2001.
[13] Q. Yang, T. Li, and K. Wang, "Building Association-Rule Based Sequential Classifiers for Web-Document Prediction," Data Mining Knowledge Discovery, vol. 8, no. 3, pp. 253-273, 2004.
[14] J. Pitkow and P. Pirolli, "Mining Longest Repeating Subsequences to Predict World Wide Web Surfing," Proc. Second Conf. USENIX Symp. Internet Technologies and Systems (USITS '99), pp. 13-13, Oct. 11-14, 1999.
[15] D.M. Blei, A.Y. Ng, and M.I. Jordan, "Topic Modeling," J. Machine Learning Research, vol. 3, pp. 993-1022, 2003.
[16] "Blackboard Vista, a Course Management System," http:/www.blackboard.com/, 2012.
[17] A. Nazir, S. Raza, and C.-N. Chuah, "Unveiling Facebook: A Measurement Study of Social Network Based Applications," Proc. Eighth ACM SIGCOMM Conf. Internet Measurement (IMC '08), 2008. pp. 43-56,
[18] L. Adamic and B. Huberman, "Zipf's Law and the Internet," Glottometrics, vol. 3, no. 1, pp. 143-50, 2002.
[19] Z. Kalbarczyk, R.K. Lyer, and L. Wang, "Application Fault Tolerance with Armor Middleware," IEEE Internet Computing, vol. 9, no. 2, pp. 28-38, 2005.
[20] J. Crampton, W. Leung, and K. Beznosov, "Secondary and Approximate Authorizations Model and its Application to Bell-LaPadula Policies," Proc. 11th ACM Symp. Access Control Models and Technologies (SACMAT '06), pp. 111-120, http://portal. acm.orgcitation.cfm?id=1133075 , June 7-9, 2006.
[21] Q. Wei, M. Ripeanu, and K. Beznosov, "Cooperative Secondary Authorization Recycling," Proc. 16th ACM/IEEE Int'l Symp. High-Performance Distributed Computing (HPDC). pp. 65-74, June 27-29, 2007.
[22] D.E. Bell and L.J. LaPadula, "Secure Computer Systems: Mathematical Foundations," Technical Report ESD-TR-74-244, MITRE, Mar. 1973.
[23] ANSI, "ANSI INCITS 359-2004 for Role Based Access Control," Am. Nat'l Standards Inst., 2004.
[24] Q. Wei, J. Crampton, K. Beznosov, and M. Ripeanu, "Authorization Recycling in RBAC Systems," Proc. 13th ACM Symp. Access Control Models and Technologies (SACMAT). pp. 63-72, http://portal.acm.orgcitation.cfm?id=1377836.1377848 , June 11-13, 2008.
[25] M. Kohler and A. Schaad, "Proactive Access Control for Business Process-Driven Environments," Proc. Ann. Computer Security Applications Conf. (ACSAC '08), pp. 153-162, Dec. 8-12, 2008.
[26] B.D. Davison, Learning Web Request Patterns. Springer, pp. 435-460, 2004.
[27] D. Heckerman, "A Tutorial on Learning with Bayesian Networks," technical report, Microsoft Research, ftp://ftp.research. microsoft.com/pub/tr tr-95-06.pdf, 1995.
[28] A.P. Dempster, N.M. Laird, and D.B. Rubin, "Maximum Likelihood from Incomplete Data Via the EM Algorithm," J. Royal Statistical Soc., Series B, vol. 39, no. 1, pp. 1-38, 1977.
[29] M. Arlitt and T. Jin, "1998 World Cup Web Site Access Logs," http://www.acm.org/sigcommITA/, 1998.
[30] A. Nazir, S. Raza, and C.-N. Chuah, "Online Social Networks: Anonymized Data from Third-Party Facebook Applications," http://www.ece.ucdavis.edu/rubinetdata.html , 2008.
[31] Q. Wei, "Towards Improving the Availability and Performance of Enterprise Authorization Systems," PhD dissertation, Electrical and Computer Eng., The Univ. British Columbia, 2009.
40 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool