Wednesday, July 16, 2014 2:30 pm - 2:30 pm EDT (GMT -04:00)
Speaker: Zhiping Wu

Abstract: While many access control models have been proposed, little work has been done on the efficiency of access control systems. Because the access control sub-system of an Enterprise Content Management (ECM) system may be a bottleneck, we investigate the representation of permissions to improve its efficiency. Observing that there are many browsing-oriented permission request queries, we choose to implement a subject-oriented representation (i.e., maintaining a permission list for each subject). Additionally, we notice that we may encounter many contiguous IDs under one object (e.g., folder) with breadth-first ID numbering. To optimize efficiency in light of these two characteristics, this thesis presents a space-efficient data structure specifically tailored for representing permission lists in ECM systems. Besides being space-efficient, our data structure makes checking, granting, or revoking a permission very fast. It also supports fast union of two or more permission lists (determining the effective permissions inherited from users' groups). In addition, our data structure scales to support any increase in the number of objects and subjects. We evaluate our representation by comparing it against a bitmap-based representation and a hash-table-based representation, using random ID numbering and breadth-first numbering, respectively. Our experimental tests on both synthetic and real-world data show that the hash table outperforms our representation for regular permission queries (i.e., querying permissions on a single object each time) as well as browsing-oriented queries with random ID numbering. However, our tests also show that 1) our representation supports faster browsing-oriented queries with breadth-first ID numbering applied while consuming only half the space when compared to the hash-table-based representation, and 2) our representation is much more space- and time-efficient than the bitmap-based representation for our application.
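The abstract does not describe the thesis's data structure, so the following is an added illustration rather than the author's code: it assumes a sorted list of ID runs as a stand-in, to show how contiguous object IDs from breadth-first numbering let a per-subject permission list support check, grant, revoke, and union compactly. The class and function names and the sample IDs are hypothetical.

```python
import bisect

class IntervalPermissionList:
    """One subject's permitted object IDs as sorted, disjoint [lo, hi] runs."""

    def __init__(self, runs=()):
        self.los, self.his = [], []          # parallel arrays of run bounds
        for lo, hi in runs:
            self.grant_range(lo, hi)

    def check(self, oid):
        # Binary search for the last run starting at or before oid.
        i = bisect.bisect_right(self.los, oid) - 1
        return i >= 0 and oid <= self.his[i]

    def grant_range(self, lo, hi):
        # Runs i..j-1 overlap or touch [lo, hi]; collapse them into one run.
        i = bisect.bisect_left(self.his, lo - 1)
        j = bisect.bisect_right(self.los, hi + 1)
        if i < j:
            lo, hi = min(lo, self.los[i]), max(hi, self.his[j - 1])
        self.los[i:j], self.his[i:j] = [lo], [hi]

    def revoke(self, oid):
        i = bisect.bisect_right(self.los, oid) - 1
        if i < 0 or oid > self.his[i]:
            return                            # not granted; nothing to do
        lo, hi = self.los[i], self.his[i]
        # Removing one ID splits its run into at most two pieces.
        pieces = [(a, b) for a, b in ((lo, oid - 1), (oid + 1, hi)) if a <= b]
        self.los[i:i + 1] = [a for a, _ in pieces]
        self.his[i:i + 1] = [b for _, b in pieces]

    def union(self, other):
        # Effective permissions: the subject's own runs plus a group's runs.
        merged = IntervalPermissionList(self.runs())
        for lo, hi in other.runs():
            merged.grant_range(lo, hi)
        return merged

    def runs(self):
        return list(zip(self.los, self.his))

def demo():
    # Constructed data: a folder's 50 children numbered 100..149 breadth-first.
    user = IntervalPermissionList([(100, 149)])
    group = IntervalPermissionList([(150, 160), (7, 7)])
    effective = user.union(group)
    effective.revoke(120)
    return effective.runs(), effective.check(119), effective.check(120)
```

Here 62 permitted IDs collapse into three runs, whereas a hash table would hold one entry per ID; with random ID numbering the runs would degenerate to single IDs and the advantage disappears.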