摘要
可扩展的访问控制标记语言(XACML)逐渐成为访问控制的标准之一,这就要求XACML具有高效的策略评估引擎。然而当规则和策略数达到一定规模时,策略评估性能很容易成为制约系统可用性的瓶颈。为了解决这一问题,该文综合考虑策略/规则最近执行记录及其复杂度,提出一种自适应的策略/规则重排序方法。该方法基于少部分策略/规则处理大部分请求,把高优先级策略/规则放于执行队列头部,从而提高了访问控制的系统策略评估效率。仿真实验结果表明,提出的方法在巴莱多定律前提下与现行的Sun XACML PDP引擎相比,性能有明显提升。
The eXtensible access control markup language( XACML) is becoming one of main access control standards calling for a high performance policy evaluation engine. In order to overcome the problem that the evaluating performance can easily become a bottleneck when the number of policies and rules is huge, an adaptive reordering method on policies/rules is proposed considering the recent execution record and complexity. A small portion of policies/rules is applied to solve most of the requests, and the performance of the policy evaluation is improved by putting polices/rules of high- priority in the head of execution queue. The simulation experiment results show that the proposed method has much greater performance than the Sun XACML PDP on the premise of the Pareto principle.
出处
《南京理工大学学报》
EI
CAS
CSCD
北大核心
2015年第2期187-193,共7页
Journal of Nanjing University of Science and Technology
基金
国家自然科学基金(61272419)
关键词
可扩展的访问控制标记语言
巴莱多定律
优先级
重排序
性能优化
eXtensible access control markup language
Pareto principle
priority
reordering
performance optimization