Establishment of rule dictionary for efficient XACML policy management

Authors: Fan Deng, Liyong Zhang, Changyu Zhang, Hao Ban, Chang Wan

DOI: 10.1016/J.KNOSYS.2019.03.015

Abstract: In order to improve the evaluation efficiency of XACML policy, storage principle rule dictionary is analyzed and policy engine XDPMOE proposed. This is a new management optimization scheme based on bitmap HashMap. First of all, we acquire numeralization set, establish array sequential structure, use quickly index rules evaluation. Secondly, bitmaps are used to store which reduces space complexity engine. By simulating arrival access request, experimental results show that (1) reordering time spent by set in storing greatly reduced, (2) The average has significantly improved compared Sun PDP, HPEngine XEngine. hash matching algorithm not only takes up less space, but also can great extent.
