Computer Science ›› 2017, Vol. 44 ›› Issue (12): 115-119. doi: 10.11896/j.issn.1002-137X.2017.12.023

• Information Security •

Optimization Algorithm for Extensible Access Control Markup Language Policies

LU Qiu-ru, CHEN Jian-ping, MA Hai-ying and CHEN Wei-xu

  1. School of Computer Science and Technology, Nantong University, Nantong 226019 (all four authors)
  • Online: 2018-12-01 Published: 2018-12-01
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61402244), the Nantong Applied Basic Research Project (GY2015012) and the Natural Science Foundation of Nantong University (15z06).

Abstract: The Extensible Access Control Markup Language (XACML) is widely used. To improve the efficiency of XACML policy evaluation, an XACML policy optimization algorithm based on the Venn diagram method is proposed. The structure of XACML policies and rules is expressed as Venn diagrams from set theory. With the priorities of the combining algorithms set, conflicts and redundancies among policies and rules are detected and eliminated according to the intersection and union relations between the sets, which improves policy evaluation efficiency. Experimental tests show that the algorithm shortens request evaluation time by 10% to 20% on average on the mainstream engines and reduces the occupied memory space at the same time, thereby achieving the purpose of policy optimization.

Key words: Access control, XACML, Policy evaluation, Venn diagram

