期刊文献+

一种可扩展访问控制标记语言的策略优化算法 被引量:1

Optimization Algorithm for Extensible Access Control Markup Language Policies
下载PDF
导出
摘要 可扩展访问控制标记语言XACML得到了广泛应用。为提高XACML策略的评估效率,提出一种基于韦恩图法的XACML策略优化算法。将XACML策略规则的组成结构用集合论中的韦恩图表示,在设定合并算法优先级的基础上,借助集合间的交并关系,检测和消除策略规则间的冲突与冗余,提高策略评估效率。实验测试表明,该算法在各主流引擎下将请求评估时间平均缩短10%~20%,同时能减少占用的存储空间,达到策略优化的目的。 Extensible access control markup language XACML is widely used.To improve the efficiency of XACML policy evaluation,an XACML policy optimization algorithm based on Venn graphic method was proposed.The XACML policy and rule structure are expressed as the Venn diagrams in the set theory.On the basis of setting the combination algorithm priorities,the conflicts and redundancies among the policies and rules are detected and eliminated according to the intersection and union relations between the sets.The experimental tests show that the algorithm reduces the evaluation time by10%to20%for the mainstream engines and decreases the occupied memory space at the same time,which hence achieves the purpose of the policy optimization.
作者 卢秋如 陈建平 马海英 陈韦旭 LU Qiu-ru;CHEN Jian-ping;MA Hai-ying;CHEN Wei-xu(School of Computer Science and Technology, Nantong University,Nantong226019,China)
出处 《计算机科学》 CSCD 北大核心 2017年第12期110-113,125,共5页 Computer Science
基金 国家自然科学基金项目(61402244) 南通市应用基础研究项目(GY2015012) 南通大学自然科学基金项目(15z06)资助
关键词 访问控制 XACML 策略评估 韦恩图 Access control XACML Policy evaluation Venn diagram
  • 相关文献

参考文献5

二级参考文献59

  • 1李晓峰,冯登国,徐震.基于扩展XACML的策略管理[J].通信学报,2007,28(1):103-110. 被引量:10
  • 2李晓峰,冯登国,何永忠.XACML Admin中的策略预处理研究[J].计算机研究与发展,2007,44(5):729-736. 被引量:5
  • 3Sloman M. Policy driven management for distributed systems. Journal of Network and Systems Management, 1994, 2(4) :333-360.
  • 4Moses T. eXtensible access control markup language (XACML) version 2.0. OASIS Standard, 2005.
  • 5Jajodia S, Samarati P, Subrahmanian V S et al. A unified framework for enforcing multiple access control policies// Proceedings of the ACM SIGMOD International Conference on Management of Data. Tucson, Arizona, USA, 1997, 26 (2) : 474-485.
  • 6Jajodia S, Samarati P, Subrahmanian V S. A logical language for expressing authorizations//Proeeedings of the 1997 IEEE Symposium on Security and Privacy. Los Alamitos, California, USA, 1997:31-42.
  • 7Lupu E, Sloman M. Conflicts in policy-based distributed systems management. IEEE Transactions on Software Engineering, 1999, 25(6): 852-869.
  • 8Cholvy L, Cuppens F. Analyzing consistency of security policies//Proceedings of the 1997 IEEE Symposium on Security and Privacy. Los Alamitos, California, USA, 1997:103-112.
  • 9Dunlop N, Indulska J, Raymond K. Dynamic conflict detection in policy-based management systems//Proceedings of the 6th International Enterprise Distributed Object ComputingConference (EDOC). Lausanne, Switzerland, 2002:15-26.
  • 10Guelev D P, Ryan M, Schobbens P Y. Modei-checking access control policies. Lecture Notes in Computer Science 3225. Berlin: Springer-Verlag, 2004.. 219-230.

共引文献49

同被引文献3

引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部