On the Modelling of the Influence of Access Control Management to the System Security and Performance

Katarzyna Mazur, Bogdan Ksiezopolski, Adam Wierzbicki

Abstract

To facilitate the management of permissions in complex secure systems, the concept of reference models for role-based access control (RBAC) has been proposed. However, among many existing RBAC analyses and implementations, there still exists the lack of the evaluation of its impact on the overall system performance. In this paper, to reduce this deficiency, we introduce an initial approach towards estimation of the influence of the most common access control mechanism on the system efficiency. Modelling RBAC in Quality of Protection Modelling Language (QoP-ML), we analyse a real enterprise business scenario and report obtained results, focusing on time and resource consumption.

References

  1. (2007). Performance Analysis of Security Aspects in UML Models. Proceedings of the 6th International Workshop on Software and Performance.
  2. (2010). A Comparison of Security Analysis Techniques for RBAC Models. Proceedings of the 2nd Annual CCWIC.
  3. B.Ksiezopolski, Z.Kotulski, and P.Szalachowski (2011). On qop method for ensuring availability of the goal of cryptographic protocols in the real-time systems. pages 195-202. European Teletraffic Seminar.
  4. Jürjens, J. (2005). Secure System Development with UML. Springer.
  5. Jürjens, J. (2011). Security and compliance in clouds. In Security and Compliance in Clouds. 4th Pan-European Conference, IT-Compliance.
  6. Ksiezopolski, B. (2012a). The official web page of the qopml project.
  7. Ksiezopolski, B. (2012b). Qop-ml: Quality of protection modelling language for cryptographic protocols. Computers & Security, 31:569-596.
  8. Ksiezopolski, B., Kotulski, Z., and Szalachowski, P. (2009). Adaptive approach to network security. CCIS, 158:233-241.
  9. Ksiezopolski, B., Rusinek, D., and Wierzbicki, A. (2013). On the efficiency modelling of cryptographic protocols by means of the quality of protection modelling language (qop-ml). LNCS, 7804:261-270.
  10. Lodderstedt, T., Basin, D., and Doser, J. (2002). Secureuml: A uml-based modeling language for model-driven security. LNCS, 2460:426-441.
  11. Mansour, I., Rusinek, D., Chalhoub, G., Lafourcade, P., and Ksiezopolski, B. (2014). Multihop node authentication mechanisms for wireless sensor networks. LNCS, 8487:402-418.
  12. Matulevicius, R., Lakk, H., and M.Lepmets (2011). An approach to assess and compare quality of security models. ComSIS, 8.
  13. O'Connor, A. and Loomis, R. (2010). Economic analysis of role-based access control. National Institute of Standards and Technology.
  14. Sandhu, R., Coyne, E., Feinstein, H., and Youman, C. (1996). Role-based access control models. IEEE Computer.
  15. Savola, R. (2013). Quality of security metrics and measurements. Computers & Security, 37:78-90.
  16. Sklavos, N., Kitsos, P., Papadopoulos, K., and Koufopavlou, O. (2006). Design, architecture and performance evaluation of the wireless transport layer security. The Journal of Supercomputing, 36:33-50.
  17. Stubblefield, A., Rubin, A., and Wallach, D. S. (2005). Managing the performance impact of web security. Electronic Commerce Research, 5:99-116.
Download


Paper Citation


in Harvard Style

Mazur K., Ksiezopolski B. and Wierzbicki A. (2015). On the Modelling of the Influence of Access Control Management to the System Security and Performance . In Proceedings of the 17th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-097-0, pages 346-354. DOI: 10.5220/0005378203460354


in Bibtex Style

@conference{iceis15,
author={Katarzyna Mazur and Bogdan Ksiezopolski and Adam Wierzbicki},
title={On the Modelling of the Influence of Access Control Management to the System Security and Performance},
booktitle={Proceedings of the 17th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2015},
pages={346-354},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005378203460354},
isbn={978-989-758-097-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 17th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - On the Modelling of the Influence of Access Control Management to the System Security and Performance
SN - 978-989-758-097-0
AU - Mazur K.
AU - Ksiezopolski B.
AU - Wierzbicki A.
PY - 2015
SP - 346
EP - 354
DO - 10.5220/0005378203460354