摘要
从提高策略评估效能出发,研究应用iMIDD方法对XACML策略进行评估。介绍了XACML和iMIDD与iX-MIDD的基本概念,对策略集、策略、规则及策略树进行了定义,并给出了两种方案将XACML策略转换成iMIDD与iX-MIDD图。方案一处理对象的次序完全符合XACML标准,但处理效率上可能稍差。方案二效率方面更好,但对象处理次序却不一定完全符合XACML标准。给出了用iX-MIDD评估访问请求的处理过程。用GEYSERS项目的实际访问控制策略进行了仿真实验,表明用此方法进行XACML策略评估效率高,非常实用。
In order to make effectiveness evaluation of XACML policy, the application of iMIDD approach is discussed. The fundamental concepts of XACML, iMIDD and iX-MIDD are expounded, the policy set, policy, rule and policy tree described, and the two schemes for transforming XACML policies into iMIDD and iX-MIDD also proposed. For scheme one, the ordering to evaluate target element is completely up to the evaluation standard in XACML, but may be less in evaluation efficiency, while scheme two is better in efficiency, but the ordering not sure to the standard. The procedure to evalute access request is given. And the simulation with actual access control policy for GEYSERS project indicates that iX-MIDD-based policy evaluation is effective and practicable.
出处
《通信技术》
2016年第5期627-631,共5页
Communications Technology