JAMES: Junk Authorizations for Massive-scale Enterprise Services

The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and sub-efficient solutions. The architectures also fail to exploit virtually free CPU and network bandwidth resources. This talk describes the approach taken by JAMES project to leverage publish-subscribe architectures for increasing failure resilience and performance through flooding delivery channels with speculatively pre-computed authorizations and recycling them on just-in-time basis. The talk also provides a brief overview of other research projects conducted at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE), the University of British Columbia, Vancouver, Canada