An Access Control Implementation Targeting Resource-constrained Environments
Proceedings of 15th International Conference on Network and Service Management, CNSM 2019
TC6 Open Digital Library
As more and more services are deployed on devices near the network edge, security operations (such as authentication and authorization) need to move with them. Typically, edge devices have fewer resources than data center servers, so the security operations need to make more efficient use of what is available while offering adequate performance. Authorization adds latency and requires system resources, but the need for security management with strong authorization at the network edge is growing. We have released the first open source, high-performance, resource-efficient, XACML3 standard-compatible Policy Decision Point (PDP), called Luas (meaning “speed” in the Irish language), based on an event-driven architecture and a non-blocking computational model, using a Bloom Filter for better performance. We compared its performance, resource usage and reliability against existing open source PDPs. Like those we tested, it provides accurate decisions, but Luas offers much faster security policy evaluation while using fewer system resources, and provides responses in a reasonable timeframe even when resources are scarce.