https://research.google/pubs/pub48190/

 
Google Research
Google Research Logo
Google Research
Google Research Logo
Philosophy
Research Areas
Publications
People
Tools & Downloads
Outreach
Careers
Blog
Publications >

Zanzibar: Google's Consistent, Global Authorization System

  * Ruoming Pang
  * Ramon Caceres
  * Mike Burrows
  * Zhifeng Chen
  * Pratik Dave
  * Nathan Germer
  * Alexander Golynski
  * Kevin Graney
  * Nina Kang
  * Lea Kissner
  * Jeffrey L. Korn
  * Abhishek Parmar
  * Christopher D. Richards
  * Mengzhi Wang

2019 USENIX Annual Technical Conference (USENIX ATC '19), Renton, WA
Download Google Scholar Copy Bibtex

Abstract

Determining whether online users are authorized to access digital
objects is central to preserving privacy. This paper presents the
design, implementation, and deployment of Zanzibar, a global system
for storing and evaluating access control lists. Zanzibar provides a
uniform data model and configuration language for expressing a wide
range of access control policies from hundreds of client services at
Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube.
Its authorization decisions respect causal ordering of user actions
and thus provide external consistency amid changes to access control
lists and object contents. Zanzibar scales to trillions of access
control lists and millions of authorization requests per second to
support services used by billions of people. It has maintained
95th-percentile latency of less than 10 milliseconds and availability
of greater than 99.999% over 3 years of production use.

Research Areas

Distributed Systems and Parallel Computing

Security, Privacy and Abuse Prevention

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals
and teams the freedom to emphasize specific types of work

Our Research Philosophy
Google
Privacy Terms About Google Google Products
Feedback