A Latency-Aware Secure Data Access Model for Cloud-Native Web and Mobile Platforms
Abstract
Cloud-native web and mobile applications require highly secure yet ultra-low-latency data access to ensure optimal user experience (UX) and transaction speed. Traditional security models often introduce significant latency overheads due to complex, synchronous authentication and authorization checks [1]. This paper proposes a Latency-Aware Secure Data Access Model (LASDAM) designed to decouple robust security enforcement from the critical path of data retrieval and modification. The model employs a hybrid authorization strategy, combining lightweight, decentralized token-based authorization for high-volume read operations with stricter, synchronous Policy-as-Code (PaC) enforcement for sensitive write operations. Key architectural elements include a security proxy layer for request interception and a tiered caching mechanism for policy and access tokens. The empirical evaluation, conducted under varying network conditions and high-throughput scenarios, demonstrated that LASDAM achieved a 95th percentile (P95) read latency reduction of up to 45% compared to a fully synchronous security model, while maintaining a 100% security efficacy rate against common data access violations. This demonstrates a viable path to integrating high-security standards without sacrificing the performance required by modern consumer platforms.
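A minimal sketch of the hybrid authorization split described in the abstract, added here as an illustration and not taken from the paper: reads are authorized from a locally verified signed token, while writes also make a synchronous policy call. The token format (a simplified HMAC-signed stand-in for a JWT), the key, the scope names and the `policy_decision` rule are all assumptions.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed value; load from a secret store in practice
pdp_log = []                   # records every synchronous policy round trip

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def issue_token(sub, scopes, ttl=300, now=None):
    """Mint a compact HMAC-SHA256 signed token (hypothetical format)."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": sub, "scopes": scopes, "exp": now + ttl}).encode())
    sig = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_token(token, now=None):
    """Local check only: signature first, then expiry. Returns claims or None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):                 # malformed token: fail closed
        return None
    return claims if claims.get("exp", 0) > now else None

def policy_decision(claims, resource):
    """Hypothetical synchronous policy engine: users write only their own records."""
    pdp_log.append(resource)
    return resource.startswith(f"/users/{claims['sub']}/")

def authorize(token, method, resource, now=None):
    claims = verify_token(token, now)
    if claims is None:
        return False
    if method in ("GET", "HEAD"):               # read path: no policy round trip
        return "read" in claims["scopes"]
    if "write" not in claims["scopes"]:         # cheap local rejection before the call
        return False
    return policy_decision(claims, resource)    # write path: synchronous check
```

In this sketch a read is bounded only by the token's scope and lifetime, so revocation takes effect on the read path no sooner than token expiry; that is the trade-off a short TTL has to cover.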
References
1. Al-Wadi, R. A., & Maaita, A. A. (2023). Authentication and role-based authorization in microservice architecture: A generic performance-centric design. Journal of Advances in Information Technology, 14(4), 758–768. https://doi.org/10.12720/jait.14.4.758-768
2. Hardt, D. (Ed.). (2012). The OAuth 2.0 authorization framework (RFC 6749). Internet Engineering Task Force. https://doi.org/10.17487/RFC6749
3. Jones, M., Bradley, J., & Sakimura, N. (2015). JSON Web Token (JWT) (RFC 7519). Internet Engineering Task Force. https://doi.org/10.17487/RFC7519
4. Vangavolu, S. V. (2025). THE LATEST TRENDS AND DEVELOPMENT IN NODE.JS (7th ed., pp. 7715-7726). International Research Journal of Modernization in Engineering Technology and Science. https://doi.org/10.56726/IRJMETS70150
5. Krintz, C., & Wolski, R. (2009). Using decoupled and asynchronous approaches to improve cloud performance and scalability. In Proceedings of the 2009 IEEE International Conference on Cloud Computing (CLOUD) (pp. 53–60). IEEE.
6. Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207
7. Tsung (n.d.). Tsung: An open-source multi-protocol distributed load testing tool.
8. Vogels, W. (2008). A decade of Dynamo: Lessons from high-scale distributed systems. ACM Queue, 6(6).
9. Kolla, S. (2025). CrowdStrike's Effect on Database Security (14th ed., pp. 733-737). International Journal of Innovative Research in Science Engineering and Technology. https://doi.org/10.15680/IJIRSET.2025.1401103
10. Wiesner, L., Pautasso, E., & Gschwind, S. (2020). The impact of authorization mechanisms on microservice performance: A comprehensive study. In Proceedings of the 13th IEEE International Conference on Cloud Computing (pp. 143–152). IEEE.