Poster: Speculative Authorizations

Pranab Kini (student) and Konstantin Beznosov (faculty)
University of British Columbia
Vancouver, Canada
{pranabk,beznosov}@ece.ubc.ca

1 Introduction

As the Internet has become the primary means of disseminating information, companies and government organizations are increasingly opening their IT infrastructure to give external customers and partners access to resources, and internal users access to various corporate data [6]. Authorization policies regulate access to these resources, which makes them extremely important in protecting IT infrastructure. Modern access control architectures follow the request-response paradigm. In this architecture, the Policy Enforcement Point (PEP) intercepts application requests made by subjects. These are converted to authorization requests and sent to the Policy Decision Point (PDP), which computes authorization responses and sends them back to the PEP. The PEP then allows or denies access to subjects based on the response received.

In a large-scale enterprise system, making authorization decisions is often computationally expensive due to the complexity of the policies involved and the large size of the resource and user populations. Given today's trends, computing resources and network bandwidth will become more and more affordable, yet network latency will remain an obstacle. Pre-computing authorizations in advance and delivering them to the PEP cache will enable new tradeoffs between processor/network utilization and network delays [2]. We report preliminary results of investigating what we labeled as "speculative authorizations."

There exists a substantial body of literature on predicting web page access that is closely related to our work [1, 3, 4, 7, 9, 8, 10]. However, there are major differences between predicting web page visits and predicting authorizations. Authorization policies are based on subject attributes, group information, roles, etc., which we term features.
Thus resources that are accessible to a certain group of subjects might not be accessible to others. Also, the permissions available to subjects vary across resources. Models trained for web page prediction consider only subjects and resources, not the features they possess. Such models would generate responses for resources that a certain category of subjects would never request and would unnecessarily populate the PEP cache. This reduces the sensitivity of the algorithm. On the other hand, including more features during training increases the complexity of the algorithm. Thus optimal feature selection is important for authorization prefetching. This is the core difference between predicting web page requests and authorization requests.

Also, the number of web pages that a user can reach from a given web page is fixed [1, 7]. In the case of authorizations, this assumption must be relaxed for some applications, which increases the complexity of predicting authorizations because almost all objects in the system need to be considered. The small storage size of each access control decision, compared to the size of a web page, is another challenge because more responses can be accommodated in the PEP cache. The challenge here is to obtain those requests that are not present in the cache at a given instant but would be needed to process a particular request at a future time.

Another major difference between the two is that subjects can add resources at run time in enterprise systems. This is contrary to the assumption made in web page prefetching that the number of resources (web pages) on a website stays the same throughout. Thus none of the above models can handle web pages being added at run time.

2 Approach

Our approach is twofold. To prefetch responses to resources already present in the system, we train our prediction model based on the past behavior of subjects.
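
The role of features in prefetching, as an added sketch (not the authors' model or code): a per-role count of which (resource, permission) request follows which stands in for the prediction model, and a PEP uses it to fetch PDP decisions ahead of time. The trace, role names, toy policy and 0.5 threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed log trace, in time order: (subject, role, resource, permission).
TRACE = [
    ("alice", "doctor", "record/17", "read"), ("alice", "doctor", "record/17", "write"),
    ("bob", "doctor", "record/17", "read"), ("bob", "doctor", "record/17", "write"),
    ("carol", "clerk", "record/17", "read"), ("carol", "clerk", "invoice/17", "write"),
    ("dave", "clerk", "record/17", "read"), ("dave", "clerk", "invoice/17", "write"),
]

def train(trace, use_role=True):
    """Count, per feature value, which request follows which for each subject."""
    follows, last = defaultdict(Counter), {}
    for subject, role, resource, perm in trace:
        feature = role if use_role else "*"
        if subject in last:
            follows[(feature, last[subject])][(resource, perm)] += 1
        last[subject] = (resource, perm)
    return follows

def predict(follows, feature, current, threshold=0.5):
    """Next requests whose estimated conditional probability meets the threshold."""
    counts = follows.get((feature, current), Counter())
    total = sum(counts.values())
    return [nxt for nxt, n in counts.items() if n / total >= threshold]

def pdp_decide(role, resource, perm):
    """Toy PDP policy (assumption): anyone reads; doctors write records, clerks invoices."""
    kind = resource.split("/")[0]
    return perm == "read" or (role, kind) in {("doctor", "record"), ("clerk", "invoice")}

class PEP:
    """Enforcement point with a decision cache that is filled speculatively."""
    def __init__(self, follows, use_role=True):
        self.follows, self.use_role = follows, use_role
        self.cache, self.hits = {}, 0

    def request(self, subject, role, resource, perm):
        key = (subject, resource, perm)
        if key in self.cache:
            self.hits += 1  # answered locally, no PDP round trip
        else:
            self.cache[key] = pdp_decide(role, resource, perm)
        feature = role if self.use_role else "*"
        for r, p in predict(self.follows, feature, (resource, perm)):
            # Pre-compute the decision for a likely follow-up request.
            self.cache.setdefault((subject, r, p), pdp_decide(role, r, p))
        return self.cache[key]
```

Trained with `use_role=False`, the same trace makes the PEP also cache an `invoice/17` write decision for a doctor, an entry that no doctor in the trace ever requests.
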
Secondly, to accommodate run-time addition of resources, we adapted the model presented by Goldenberg et al. [5].

First, we train our model using log traces of the application where our model would be implemented. Contrary to the idea of prefetching by simply training nth-order Markov models [1, 4, 8] or n-grams [9], we try to develop a relationship between two resources and their associated permissions. In this process, we try to find the answer to this question: "Given that a subject has requested permission on a certain resource, what are the chances that she would request some permission on the same or other re-