In this paper, we describe the problems that affect availability in BGP, such as vulnerability to attacks, slow convergence time, and lack of scalability. These problems arise from the basic assumption of BGP: every router has to cooperate to make routing work. We propose a new routing system, feedback based routing, which bifurcates structural information and dynamic information. Only structural information is propagated. Dynamic information is discovered by the routers based on feedback and probes. Routing decisions are made based on the dynamic information. We argue that this system is resilient to minority compromises in the infrastructure, provides higher availability than BGP, and can scale to the size of the Internet of the future.
Role-Based Access Control (RBAC) has the potential both to simplify administration and improve an organization's security. But for non-trivial configurations, there is a conflict between defining fine-grained roles which adhere to the principle of least privilege, and coarse-grained roles which simplify administration by reducing configuration complexity. In this paper we propose OnPar, a multi-objective role mining approach which introduces minimization of unnecessary privilege as a role mining objective, along with an associated unnecessary privilege metric. These allow an RBAC configuration's level of adherence to the principle of least privilege to be reasoned about and traded off against other objectives, including minimization of configuration complexity. A key feature of our approach is the elimination of user tuning of global optimization weights. We show experimentally that this tuning typically leads to the evaluation of sub-optimal candidates, while still missing many optimal candidates. To avoid these issues we leverage Pareto optimality and introduce multi-stage Pareto filtering and the hypervolume indicator to role mining. Their use allows OnPar to efficiently select a small set of candidates for evaluation by the administrator, which are equal best and representative of the full range of trade-offs that were found. Our experimental results demonstrate the effectiveness of this approach across a wide range of input configurations. CCS CONCEPTS • Security and privacy → Information accountability and usage control; Access control; • Information systems → Data mining.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2025 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.