Session based access control in geographically replicated Internet services

Novella Bartolini

Research output: Contribution to journalArticle

Abstract

Performance critical services over Internet often rely on geographically distributed architectures of replicated servers. Content Delivery Networks (CDN) are a typical example where service is based on a distributed architecture of replica servers to guarantee resource availability and proximity to final users. In such distributed systems, network links are not dedicated, and may be subject to external traffic. This brings up the need to develop access control policies that adapt to network load changing conditions. Further, Internet services are mainly session based, thus an access control support must take into account a proper differentiation of requests and perform session based decisions while considering the dynamic availability of resources due to external traffic. In this paper we introduce a distributed architecture with access control capabilities at session aware access points. We consider two types of services characterized by different patterns of resource consumption and priorities. We formulate a Markov Modulated Poisson Decision Process for access control that captures the heterogeneity of multimedia services and the variable availability of resources due to external traffic. The proposed model is optimized by means of stochastic analysis, showing the impact of external traffic on service quality. The structural properties of the optimal solutions are studied and considered as the basis for the formulation of heuristics. The performance of the proposed heuristics is studied by means of simulations, showing that in some typical scenario they perform close to the optimum.

Original languageEnglish (US)
Pages (from-to)3763-3783
Number of pages21
JournalComputer Networks
Volume50
Issue number18
DOIs
StatePublished - Dec 21 2006

Fingerprint

Access control
Internet
Availability
Servers
Multimedia services
Structural properties

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Bartolini, Novella. / Session based access control in geographically replicated Internet services. In: Computer Networks. 2006 ; Vol. 50, No. 18. pp. 3763-3783.
@article{2116105129d04516a0367af73671af7d,
title = "Session based access control in geographically replicated Internet services",
abstract = "Performance critical services over Internet often rely on geographically distributed architectures of replicated servers. Content Delivery Networks (CDN) are a typical example where service is based on a distributed architecture of replica servers to guarantee resource availability and proximity to final users. In such distributed systems, network links are not dedicated, and may be subject to external traffic. This brings up the need to develop access control policies that adapt to network load changing conditions. Further, Internet services are mainly session based, thus an access control support must take into account a proper differentiation of requests and perform session based decisions while considering the dynamic availability of resources due to external traffic. In this paper we introduce a distributed architecture with access control capabilities at session aware access points. We consider two types of services characterized by different patterns of resource consumption and priorities. We formulate a Markov Modulated Poisson Decision Process for access control that captures the heterogeneity of multimedia services and the variable availability of resources due to external traffic. The proposed model is optimized by means of stochastic analysis, showing the impact of external traffic on service quality. The structural properties of the optimal solutions are studied and considered as the basis for the formulation of heuristics. The performance of the proposed heuristics is studied by means of simulations, showing that in some typical scenario they perform close to the optimum.",
author = "Novella Bartolini",
year = "2006",
month = "12",
day = "21",
doi = "10.1016/j.comnet.2006.03.007",
language = "English (US)",
volume = "50",
pages = "3763--3783",
journal = "Computer Networks",
issn = "1389-1286",
publisher = "Elsevier",
number = "18",

}

Session based access control in geographically replicated Internet services. / Bartolini, Novella.

In: Computer Networks, Vol. 50, No. 18, 21.12.2006, p. 3763-3783.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Session based access control in geographically replicated Internet services

AU - Bartolini, Novella

PY - 2006/12/21

Y1 - 2006/12/21

N2 - Performance critical services over Internet often rely on geographically distributed architectures of replicated servers. Content Delivery Networks (CDN) are a typical example where service is based on a distributed architecture of replica servers to guarantee resource availability and proximity to final users. In such distributed systems, network links are not dedicated, and may be subject to external traffic. This brings up the need to develop access control policies that adapt to network load changing conditions. Further, Internet services are mainly session based, thus an access control support must take into account a proper differentiation of requests and perform session based decisions while considering the dynamic availability of resources due to external traffic. In this paper we introduce a distributed architecture with access control capabilities at session aware access points. We consider two types of services characterized by different patterns of resource consumption and priorities. We formulate a Markov Modulated Poisson Decision Process for access control that captures the heterogeneity of multimedia services and the variable availability of resources due to external traffic. The proposed model is optimized by means of stochastic analysis, showing the impact of external traffic on service quality. The structural properties of the optimal solutions are studied and considered as the basis for the formulation of heuristics. The performance of the proposed heuristics is studied by means of simulations, showing that in some typical scenario they perform close to the optimum.

AB - Performance critical services over Internet often rely on geographically distributed architectures of replicated servers. Content Delivery Networks (CDN) are a typical example where service is based on a distributed architecture of replica servers to guarantee resource availability and proximity to final users. In such distributed systems, network links are not dedicated, and may be subject to external traffic. This brings up the need to develop access control policies that adapt to network load changing conditions. Further, Internet services are mainly session based, thus an access control support must take into account a proper differentiation of requests and perform session based decisions while considering the dynamic availability of resources due to external traffic. In this paper we introduce a distributed architecture with access control capabilities at session aware access points. We consider two types of services characterized by different patterns of resource consumption and priorities. We formulate a Markov Modulated Poisson Decision Process for access control that captures the heterogeneity of multimedia services and the variable availability of resources due to external traffic. The proposed model is optimized by means of stochastic analysis, showing the impact of external traffic on service quality. The structural properties of the optimal solutions are studied and considered as the basis for the formulation of heuristics. The performance of the proposed heuristics is studied by means of simulations, showing that in some typical scenario they perform close to the optimum.

UR - http://www.scopus.com/inward/record.url?scp=33749080977&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749080977&partnerID=8YFLogxK

U2 - 10.1016/j.comnet.2006.03.007

DO - 10.1016/j.comnet.2006.03.007

M3 - Article

VL - 50

SP - 3763

EP - 3783

JO - Computer Networks

JF - Computer Networks

SN - 1389-1286

IS - 18

ER -