An experimental testbed to predict the performance of XACML Policy Decision Points

Authors: Bernard Butler, Brendan Jennings, Dmitri Botvich

DOI: 10.1109/INM.2011.5990711

Keywords: Discrete event simulation, Access control, Performance prediction, Queueing theory, XACML, Testbed, Scalability, Computer network, Computer science, Identification (information)

Abstract: The performance and scalability of access control systems is a growing concern as organisations deploy ever more complex communications and content management systems. This paper describes how an (offline) experimental testbed may be used to address concerns. To begin, timing measurements are collected from a server component incorporating the Policy Decision Point (PDP) under test, using representative policies and corresponding requests. Our experiments with two XACML PDP implementations show that measured request service times are typically clustered by type; thus an algorithm for cluster identification is presented. Cluster characterisations are inputs to a model for a given policy/request mix, giving an analytic (queueing) estimate of the equilibrium load for different mixes of clusters. The prediction is validated and extended by discrete event simulation subject to additional load. These predictive models enable network administrators to explore capacity for overall loadings (requests per unit time) and profiles (relative frequencies)
