Web Application Security Gateway with Java Non-blocking IO
We present the design and implementation of the WebDaemon Security Gateway (WDSG) with the techniques of event-driving, non-blocking IO multiplexing, secure cookies, SSL and caches based on PKI framework and role-based access control (RBAC) policy. It not only supports massive concurrency and avoids the pitfalls of traditional block I/O based design, but also is able to secure all the resources of an enterprise and reduce the cost and complexity of administration.
KeywordsAccess Control Average Response Time Access Control Policy Cache Object Discretionary Access Control
Unable to display preview. Download preview PDF.
- 4.SUN New I/O APIs, http://java.sun.com/j2se/1.4.2/docs/guide/nio/
- 6.Housley, R., Ford, W., Polk, W., Solo, D.: Citicorp: Internet x. 509 public key infrastructure certificate and crl profile, network working group request for comments: 2459 category. Standards track (1999), http://www.ietf.org/rfc/rfc2459.txt
- 7.Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29, 38–47 (1996)Google Scholar
- 8.Al-Kahtani, M.A., Sandhu, R.: A model for attribute-based user-role assignment. In: Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, Nevada, USA, pp. 353–362 (2002)Google Scholar
- 9.Rodriguez, P., Sibal, S.: Spread: scalable platform for reliable and efficient automated distribution. The International Journal of Computer and Telecommunications Networking 33, 33–49 (2000)Google Scholar
- 10.Beltran, V., Carrera, D., Torres, J., Ayguade, E.: Evaluating the scalability of java event-driven web server. Intelligent Computer Communication and Processing 0, 134–142 (2004)Google Scholar
- 11.American National Standards Institute, Inc. Role-based access control. ANSI INCITS 359-2004, http://csrc.nist.gov/rbac/