Computer Science, 2017, Vol. 44, Issue (12): 115-119. doi: 10.11896/j.issn.1002-137X.2017.12.023


Optimization Algorithm for Extensible Access Control Markup Language Policies

LU Qiu-ru, CHEN Jian-ping, MA Hai-ying and CHEN Wei-xu   

  • Online: 2018-12-01 Published: 2018-12-01

Abstract: Extensible access control markup language (XACML) is widely used. To improve the efficiency of XACML policy evaluation, an XACML policy optimization algorithm based on the Venn diagram method is proposed. XACML policies and rule structures are expressed as Venn diagrams from set theory. After priorities are set for the combining algorithms, conflicts and redundancies among the policies and rules are detected and eliminated according to the intersection and union relations between the sets. Experimental tests show that the algorithm reduces the evaluation time by 10% to 20% for the mainstream engines and decreases the occupied memory space at the same time, which achieves the purpose of policy optimization.

Key words: Access control, XACML, Policy evaluation, Venn diagram

