Caching Strategies: An Empirical Evaluation

By Mathias Kohler and Achim D. Brucker.

Modern enterprise systems comprise a fine-grained enforcement of complex access control policies. Consequently, the efficient evaluation of security policies is a significant factor for the overall system performance. Moreover, modern enterprise systems are inherently based on process and workflow models. These models enable new approaches for improving the performance of security evaluations.

Caching is widely used for improving the performance and the reliability of systems. The dynamic nature of today’s workflow systems, both in terms of changing workflows and in terms of dynamic security policies impose particular challenges on the caching of access control decisions.

We present a caching strategy that exploits business process models for avoiding cache misses. Moreover, we provide a detailed performance analysis of different caching strategies for static and dynamic aspects of access control policies, providing the required metrics for informed design decisions.

Keywords:
Business Process Security, Access Control, Caching

Please cite this work as follows:
M. Kohler and A. D. Brucker, “Caching strategies: An empirical evaluation,” in International workshop on security measurements and metrics (MetriSec), New York, NY, USA: ACM Press, 2010, pp. 1–8. doi: 10.1145/1853919.1853930. Author copy: http://logicalhacking.com/publications/kohler.ea-caching-2010/

BibTeX
@InCollection{ kohler.ea:caching:2010,
  author       = {Mathias Kohler and Achim D. Brucker},
  booktitle    = {International Workshop on Security Measurements and Metrics
                  (MetriSec)},
  language     = {USenglish},
  title        = {Caching Strategies: An Empirical Evaluation},
  year         = {2010},
  copyright    = {ACM},
  copyrighturl = {https://dl.acm.org/authorize?399969},
  areas        = {security, software,bpm},
  keywords     = {Business Process Security, Access Control, Caching},
  abstract     = {Modern enterprise systems comprise a fine-grained enforcement
                  of complex access control policies. Consequently, the
                  efficient evaluation of security policies is a significant
                  factor for the overall system performance. Moreover, modern
                  enterprise systems are inherently based on process and
                  workflow models. These models enable new approaches for
                  improving the performance of security evaluations.
                  
                  Caching is widely used for improving the performance and the
                  reliability of systems. The dynamic nature of today's workflow
                  systems, both in terms of changing workflows and in terms of
                  dynamic security policies impose particular challenges on the
                  caching of access control decisions.
                  
                  We present a caching strategy that exploits business process
                  models for avoiding cache misses. Moreover, we provide a
                  detailed performance analysis of different caching strategies
                  for static and dynamic aspects of access control policies,
                  providing the required metrics for informed design
                  decisions.},
  isbn         = {978-1-4503-0340-8},
  pages        = {1--8},
  location     = {Bolzano, Italy},
  doi          = {10.1145/1853919.1853930},
  publisher    = {ACM Press },
  address      = {New York, NY, USA },
  note         = {Author copy: \url{http://logicalhacking.com/publications/kohler.ea-caching-2010/}},
}