期刊文献+

一种基于重排序的XACML策略评估优化方法 被引量:4

XACML policy evaluation optimization method based on reordering
下载PDF
导出
摘要 可扩展的访问控制标记语言(XACML)逐渐成为访问控制的标准之一,这就要求XACML具有高效的策略评估引擎。然而当规则和策略数达到一定规模时,策略评估性能很容易成为制约系统可用性的瓶颈。为了解决这一问题,该文综合考虑策略/规则最近执行记录及其复杂度,提出一种自适应的策略/规则重排序方法。该方法基于少部分策略/规则处理大部分请求,把高优先级策略/规则放于执行队列头部,从而提高了访问控制的系统策略评估效率。仿真实验结果表明,提出的方法在巴莱多定律前提下与现行的Sun XACML PDP引擎相比,性能有明显提升。 The eXtensible access control markup language( XACML) is becoming one of main access control standards calling for a high performance policy evaluation engine. In order to overcome the problem that the evaluating performance can easily become a bottleneck when the number of policies and rules is huge, an adaptive reordering method on policies/rules is proposed considering the recent execution record and complexity. A small portion of policies/rules is applied to solve most of the requests, and the performance of the policy evaluation is improved by putting polices/rules of high- priority in the head of execution queue. The simulation experiment results show that the proposed method has much greater performance than the Sun XACML PDP on the premise of the Pareto principle.
出处 《南京理工大学学报》 EI CAS CSCD 北大核心 2015年第2期187-193,共7页 Journal of Nanjing University of Science and Technology
基金 国家自然科学基金(61272419)
关键词 可扩展的访问控制标记语言 巴莱多定律 优先级 重排序 性能优化 eXtensible access control markup language Pareto principle priority reordering performance optimization
  • 相关文献

参考文献10

  • 1OASIS. eXtensible access control markup language (XACML) 3. 0 [ EB/OL ]. https ://www. oasis-open. org/committees/tc_ home. php? wg_ abbrev = xacml, 2013-01-22.
  • 2Sun. Sun PDP [ EB/OL ]. http://sunxacml. sourceforge, net/,2006-06-21.
  • 3JBoss. PicketBox XACML [ EB/OL ]. https:/! community, jboss, org/wiki/Picket Box XACMLJ Boss XACML ,2013-04-27.
  • 4Enterprise XACML [ EB/OL ]. http://code, google. com/p/enterprise-java-xacml/ ,2009-01-09.
  • 5Liu Alex X ,Chen Fei, Hwang Jee-Hyun, et al. Designing fast and scalable XACML policy evaluation engines [ J ]. IEEE Trans on Computers,2011,60 ( 12 ) : 1802-1817.
  • 6王雅哲,冯登国,张立武,张敏.基于多层次优化技术的XACML策略评估引擎[J].软件学报,2011,22(2):323-338. 被引量:18
  • 7陈伟鹤,王娜娜.基于XACML的策略评估优化技术的研究[J].计算机应用研究,2013,30(3):900-905. 被引量:7
  • 8Fatih Turkmen, Bruno Crispo. Performance evaluation of XACML PDP implementations[ A]. Proc of the 2008 ACM Workshop on Secure Web Services [ C ]. New York, US : ACM Press, 2008 : 37-44.
  • 9Li N, Hwang J H, Xie T. Multiple-implementation testing for XACML implementations [ A ]. Proe of the 2008 Workshop on Testing, Analysis, and Verification of Web Services and Applications [ C ]. New York, US : ACM Press,2008:27-33.
  • 10OASIS. XACML 2. 0 conformance tests [ EB/OL ]. http://www, oasis-open, org/eommittees/download. php/14846/xaem12.0-et-v. 0.4. zip, 2005-10-10.

二级参考文献16

  • 1李晓峰,冯登国,徐震.基于扩展XACML的策略管理[J].通信学报,2007,28(1):103-110. 被引量:10
  • 2李晓峰,冯登国,何永忠.XACML Admin中的策略预处理研究[J].计算机研究与发展,2007,44(5):729-736. 被引量:5
  • 3OASIS. EXtensible access control markup language (XACML) ver- sion 3.0[ S]. 2012.
  • 4MARTIN E, XIE Tao, YU Ting. Defining and measuring policy cove- rage in testing access control policies [ C ]//Proc of the 8th Interna- tional Conference on Information and Communications Security. Ber- lin : Springer-Vedag, 2006 : 139-158.
  • 5GUELEY D P, RYAN M, SCHOBBENS P Y. Model-checking access control policies [ C ]//Proc of the 7th International Conference on In- formation Security. Berlin : Springer-Verlag ,2004:219 - 230.
  • 6FISLER K, KRISHNAMURTHI S, MEYEROVICH L A,et al. Verifi- cation and change-impact analysis of access-control policies [ C ]// Proc of the 27th International Conference on Software Engineering. New York: ACM Press , 2005 :196- 205 .
  • 7HUGHES G, BULTAN T. Automated verification of XACML policies using a SAT solver[ J]. Software Tools for Technology Transfer, 2008,10(6) :503-520.
  • 8JBoss XACML[ EB/OL]. (2008). http ://www. jboss, org/jbosssecu- rity/download/index, html.
  • 9Melcoe PDP [ EB/OL]. (2008). http ://www. muradora, org/mura- dora/wiki/MelcoePDPDoc.
  • 10Enterprise XACML[ EB/OL ]. (2008). http ://code. google, com/p/ enterprise-java-xacml/.

共引文献20

同被引文献20

  • 1OASIS. eXtensible Access Control Markup Language (XACML) Version 3. 0 [ EB/OL]. (2013- 1 -23) [ 2016-3-12 ]. http ://docs. oasis-open, org/xacml/3. 0/xacml-3.0-core-spec-os-en. html.
  • 2OASIS. Available XACML Implementations. [ EB/OL ]. (2016) [ 2016-3-12]. https://www, oasis-open, org/ committees/tc_home php9 wg_abbrev=xacml#other.
  • 3Fisler K, Krishnamurthi S, Meyerovich LA, et al. Verifi- cation and Change- Impact Analysis of Access- Control Policies [ C ]//Proceedings of the 27th International Con- ference on Software Engineering. New York, NY, USA: ACM ; 2005 : 196-205.
  • 4LIU A X, CEHN F, WANG J H, et al. Designing Fast and Scalable XACML Policy Evaluation Engines [ J ]. IEEE Transactions on Computers, 2011, 60(12) : 1802-1817.
  • 5Santiago Pina Ros, Mario Lischka, F6hx Gemez Mermol. Graph-based XACML Evaluation[ C ]// Proceedings of the 17th ACM Symposium on Access Control Models and Tech- nologies. ACM New York, NY, USA. 2012: 83-92.
  • 6Marouf S,Shehab M,Squicciarini A, et al. Adaptive Re- ordering and Clustering- based Framework for Efficient XACML Policy Evaluation [ J ]. IEEE Transactions on Services Computing, 2012, 4(4):300-313.
  • 7RAO P, LIN D, E Bertino, et al. Fine-Grained Inte- gration of Access Control Policies [ J ]. Computers and Security, 2011, 30(2-3) :91-107.
  • 8Ngo C, Makkes M X, Demchenko Y, et al. Multi-Data -Types Interval Decision Diagrams for Xacml Evaluation Engine [ C ]//2013 IEEE Eleventh Annual International Conference on Privacy, Security and Trust (PST). 2013 : 257-266.
  • 9Canh Ngo, Yuri Demchenko, Cees de Laat. Decision Dia- grams for XACML Policy Evaluation and Management [ J ]. Computers & Security, 2015, 49(2015) :1-16.
  • 10王雅哲,冯登国.一种XACML规则冲突及冗余分析方法[J].计算机学报,2009,32(3):516-530. 被引量:33

引证文献4

二级引证文献4

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部