GAA/Apache Performance Evaluation

File sizes (in bytes) used for the experiments:
System Configuration File gaa.policy.cf: 4031
Local Configuration File gaa.linux.cf: 176
System Policy File gaa_sys.xml: 332
Local Policy File 1.eacl: 575

The average running times for the evaluation of a user request with the file sizes listed above:
(1) gaa_initialize() extracts policy and configuration files and constructs the initial context: 50ms
(2) gaa_get_object_policy_info() extracts the domain-specific policy for every user request: 0.1ms
(3) gaa_check_authorization() evaluates the policies and provides the access control decision: 0.08ms

The overhead of (1) is relativly high. However, this function is executed only once when the Apache Web Server starts. Only functions (2) and (3) are executed for every user request.

In the test above, we did not include any user authentication policy or other I/O related policy. If we introduce a user authentication policy, another 3ms (which is the running time of calling mod_auth) will be added to (3). Similarly, if we introduce I/O related actions such as file logging or email notification into our policy, comparatively high cost will also be imposed.

We beleive that the overhead from the function calls for GAA-API was negligible with relatively small configuration and policy files. We plan to measure the performance with bigger files in the future.