Measurement and Prediction of Access Control Policy Evaluation Performance

Authors: Bernard Butler, Brendan Jennings

DOI: 10.1109/TNSM.2015.2486519

Abstract: As the need for more pervasive and complex access controls grows, the challenge of ensuring the performance of access control systems is becoming apparent. Researchers have proposed several solutions to mitigate problems, including: adjusting the policy set; re-engineering the policy decision point (PDP); and decomposing policies and distributing their evaluation. However, since the benefits and tradeoffs depend heavily upon the actual scenario, security administrators typically do not have objective justification for adopting particular mitigation actions. In response, we present the ATLAS framework, comprising: 1) DomainManager, which facilitates modelling the domain as closely as possible and automatically generates large numbers of representative policies and associated requests; 2) STACS, which enables controlled experiments to be performed using the generated policies/requests, to collect comprehensive measurements of PDP performance; 3) PARPACS, which aids understanding of the worth of the measurement data and, by rigorous validation techniques, reduces the risk of spurious insights or incorrect recommendations. We a discussion applied an enterprise communication where realised via XACML PDPs. Notable include that SunXacml 2.0 performs relatively poorly in terms evaluation adding additional memory and/or processor cores server guaranteed improve significantly.

References (35)
David F Ferraiolo, John F Barkley, D Richard Kuhn. A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security, vol. 2, pp. 34-64 (1999). DOI: 10.1145/300830.300834
Canh Ngo, Marc X. Makkes, Yuri Demchenko, Cees de Laat. Multi-data-types interval decision diagrams for XACML evaluation engine. Conference on Privacy, Security and Trust, pp. 257-266 (2013). DOI: 10.1109/PST.2013.6596061
Antonia Bertolino, Said Daoudagh, Francesca Lonetti, Eda Marchetti. Automatic XACML Requests Generation for Policy Testing. International Conference on Software Testing, Verification and Validation, pp. 842-849 (2012). DOI: 10.1109/ICST.2012.185
Philip L. Miseldine. Automated XACML policy reconfiguration for evaluation optimisation. Proceedings of the fourth international workshop on Software engineering for secure systems - SESS '08, pp. 1-8 (2008). DOI: 10.1145/1370905.1370906
Donia El Kateb, Tejeddine Mouelhi, Yves Le Traon, JeeHyun Hwang, Tao Xie. Refactoring access control policies for performance improvement. International Conference on Performance Engineering, pp. 323-334 (2012). DOI: 10.1145/2188286.2188346
David F. Ferraiolo, D. Richard Kuhn, Ramaswamy Chandramouli. Role-Based Access Control (2003).
Santiago Pina Ros, Mario Lischka, Félix Gómez Mármol. Graph-based XACML evaluation. Proceedings of the 17th ACM symposium on Access Control Models and Technologies - SACMAT '12, pp. 83-92 (2012). DOI: 10.1145/2295136.2295153
B. Stepien, S. Matwin, A. Felty. Advantages of a non-technical XACML notation in role-based models. Conference on Privacy, Security and Trust, pp. 193-200 (2011). DOI: 10.1109/PST.2011.5971983
Vladimir Kolovski, James Hendler, Bijan Parsia. Analyzing web access control policies. The Web Conference, pp. 677-686 (2007). DOI: 10.1145/1242572.1242664