Computer Science ›› 2018, Vol. 45 ›› Issue (9): 224-229. doi: 10.11896/j.issn.1002-137X.2018.09.037

• Software & Database Technology •

XACML Policy Query Method Based on Attribute And/Or Matrix and Type Analysis

HAN Dao-jun (1, 2), YUAN Wan-li (2), DUAN Xiao-yu (2), ZHANG Lei (2)

  1. Institute of Data and Knowledge Engineering, Henan University, Kaifeng, Henan 475004, China
  2. School of Computer and Information Engineering, Henan University, Kaifeng, Henan 475004, China
  • Received: 2017-08-08  Online: 2018-09-20  Published: 2018-10-10

Abstract: The description and execution of access control policy is an important means of protecting information resources, and it affects the system's operation. To address poor evaluation efficiency, some researchers have proposed policy evaluation methods based on attribute caching and reordering. These improve the efficiency of policy evaluation, but they still fail to solve the problem that policy evaluation needs to traverse all relevant rules. To address this problem, after analyzing the characteristics of XACML policy description, this paper proposes an XACML policy query method based on an attribute and/or matrix and type analysis, which can reduce the number of matching operations during policy evaluation. The method modifies the processing of the existing Context Handler and adds a preprocessing phase that matches access control rules. During the preprocessing phase, a discrimination is calculated for each rule attribute. Rules irrelevant to the current access control request can then be filtered out using the attribute and/or matrix and the discriminations. The proposed method improves the efficiency of policy evaluation by matching against the filtered rule set. Experimental results verify its efficiency.

Key words: Attribute and/or matrix, Discrimination, Type analysis, XACML

CLC Number: TP309