Session based access control in geographically replicated Internet services

Novella Bartolini

Research output: Contribution to journalArticlepeer-review


Performance critical services over Internet often rely on geographically distributed architectures of replicated servers. Content Delivery Networks (CDN) are a typical example where service is based on a distributed architecture of replica servers to guarantee resource availability and proximity to final users. In such distributed systems, network links are not dedicated, and may be subject to external traffic. This brings up the need to develop access control policies that adapt to network load changing conditions. Further, Internet services are mainly session based, thus an access control support must take into account a proper differentiation of requests and perform session based decisions while considering the dynamic availability of resources due to external traffic. In this paper we introduce a distributed architecture with access control capabilities at session aware access points. We consider two types of services characterized by different patterns of resource consumption and priorities. We formulate a Markov Modulated Poisson Decision Process for access control that captures the heterogeneity of multimedia services and the variable availability of resources due to external traffic. The proposed model is optimized by means of stochastic analysis, showing the impact of external traffic on service quality. The structural properties of the optimal solutions are studied and considered as the basis for the formulation of heuristics. The performance of the proposed heuristics is studied by means of simulations, showing that in some typical scenario they perform close to the optimum.

Original languageEnglish (US)
Pages (from-to)3763-3783
Number of pages21
JournalComputer Networks
Issue number18
StatePublished - Dec 21 2006

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications


Dive into the research topics of 'Session based access control in geographically replicated Internet services'. Together they form a unique fingerprint.

Cite this