Computer Science, 2016, Vol. 43, Issue (2): 163-168. doi: 10.11896/j.issn.1002-137X.2016.02.036

• Information Security •

XACML Policy Optimization Method Based on Redundancy Elimination and Attribute Numericalization

QI Yong, CHEN Jun and LI Qian-mu

  1. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094
  • Online: 2018-12-01 Published: 2018-12-01
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61272419)

Abstract: XACML (eXtensible Access Control Markup Language) has become one of the main access control standards. To ensure system availability, access control systems need an efficient XACML policy evaluation engine. To address this problem, this paper starts from the potential shortcomings of XACML policies themselves and optimizes them in two respects: redundancy elimination and attribute numericalization. Redundancy elimination removes redundant rules from the policy base without affecting policy evaluation results, and applies rule compression to eliminate redundant states between rules. Attribute numericalization transforms the textual attributes of XACML policies into numerical attributes, so that the evaluation engine uses efficient numerical matching instead of inefficient string matching; in addition, storing the mappings between numerical and textual attributes in a hash table facilitates policy maintenance. Simulation results show that the proposed policy optimization method performs considerably better than the original Sun XACML.

Key words: XACML, Policy optimization, Redundancy elimination, Attribute numericalization

