基于统计分析优化的高性能XACML策略评估引擎

牛德华; 马建峰; 马卓; 李辰楠; 王蕾

doi:10.3969/j.issn.1000-436x.2014.08.025

您当前的位置：

首页 >

文章列表页 >

基于统计分析优化的高性能XACML策略评估引擎

学术通信 | 更新时间：2024-10-11

- 基于统计分析优化的高性能XACML策略评估引擎
- HPEngine: high performance XACML policy evaluation engine based on statistical analysis
- 通信学报 2014年35卷第8期页码：206-215
- 作者机构：
- 作者简介：
  
  [ "牛德华（1989-），男，山西吕梁人，西安电子科技大学硕士生，主要研究方向为云存储访问控制、云存储安全、移动终端安全等。" ]
  [ "马建峰（1963-），男，陕西西安人，博士，西安电子科技大学计算机学院院长、教授、博士生导师，主要研究方向为密码学、计算机网络与信息安全。" ]
  [ "马卓（1980-），男，陕西延安人，博士，西安电子科技大学副教授，主要研究方向为无线网络安全、安全协议的形式化分析与设计理论与方法、可信计算理论与技术等。" ]
  [ "李辰楠（1988-），男，陕西西安人，西安电子科技大学硕士生，主要研究方向为网络安全、Web 访问控制、云计算安全存储等。" ]
  [ "王蕾（1988-），女，陕西西安人，西安电子科技大学硕士生，主要研究方向为网络安全、密钥管理、云计算安全存储等。" ]
- 基金信息：
  
  长江学者和创新团队发展计划基金资助项目;Changjiang Scholars and Innovative Research Team in University(IRT1078)
- DOI：10.3969/j.issn.1000-436x.2014.08.025
  中图分类号： TP393
- 网络出版日期：2014-08，
  
  纸质出版日期：2014-08-25
- 稿件说明：
移动端阅览
牛德华, 马建峰, 马卓, 等. 基于统计分析优化的高性能XACML策略评估引擎[J]. 通信学报, 2014,35(8):206-215.

De-hua NIU, Jian-feng MA, Zhuo MA, et al. HPEngine: high performance XACML policy evaluation engine based on statistical analysis[J]. Journal on communications, 2014, 35(8): 206-215.
牛德华, 马建峰, 马卓, 等. 基于统计分析优化的高性能XACML策略评估引擎[J]. 通信学报, 2014,35(8):206-215. DOI： 10.3969/j.issn.1000-436x.2014.08.025.

De-hua NIU, Jian-feng MA, Zhuo MA, et al. HPEngine: high performance XACML policy evaluation engine based on statistical analysis[J]. Journal on communications, 2014, 35(8): 206-215. DOI： 10.3969/j.issn.1000-436x.2014.08.025.

摘要

为提高分布式环境下XACML策略评估引擎的效率，提出了新的XACML策略评估引擎HPEngine。该引擎利用基于统计分析的策略优化机制动态精化策略，并将精化的策略由于统计分析的多级缓存机制存储频繁调用的请求结果对、属性和策略信息。仿真结果表明，HPEngine所采用的基文本形式转化为数值形式；同时采用基于统计分析的多级优化机制缩减了策略规模，了匹配速度，整体评估性能优于其他同类系统。降低了引擎和其他功能部件的通信损耗，减少了匹配运算量，提高了匹配速度，整体评估性能优于其他同类系统。

Abstract

To improve the efficiency of the XACML(eXtensible access control markup language) policy evaluation en-gine under distributed environment

a novel XACML policy evaluation engine

HPEngine was proposed. The HPEngine dynamically refined policies based on statistical analysis of the policy optimization mechanism first and transformed text form of policy into numerical afterward. Moreover

the engine adopted the multi-level caching mechanism based on the statistical analysis to store frequently called request-results

attributes and policy information. Emulation results show that multi-level optimization mechanisms based on the statistical analysis applied in HPEngine significantly reduce the size of policies

decrease the communication cost between the engine and other components

lessen the amount of matching op-eration and improve the speed of matching. Comparative analysis demonstrates that HPEngine is obviously better in per-formance than other similar systems.

关键词

Keywords

references

Brief Introduction to XACML [EB/OL ] . https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html .

Sun XACML [EB/OL ] . http://sunxacml.sourceforge.net/ http://sunxacml.sourceforge.net/ .

XACMLight [EB/OL ] . http://sourceforge.net/projects/xacmllight/ http://sourceforge.net/projects/xacmllight/ .

AXESCON XACML [EB/OL ] . http://axescon.com/ax2e/ http://axescon.com/ax2e/ .

Enterprise XACML [EB/OL ] . http://code.google.com/p/enterprise-java-xacml/ http://code.google.com/p/enterprise-java-xacml/ .

BUTLER B , JENNINGS B , FAME D B . XACML policy perfor mance evaluation using a flexible load testing framework [A ] . Proceedings of the 17th ACM conference on Computer and communications security (CCS) [C ] . New York, USA , 2010 , 978 - 980 .

LIU A X , CHEN F , HWANG J H . esigning fast and scalable XACML policy evaluation engines [J ] . IEEE Transactions on Com-puters , 2011 , 60 ( 12 ): 1802 - 1817 .

LIU A X , CHEN F , HWANG J H . XEngine: a fast and scalable XACML policy evaluation engine [A ] . Proceedings of the 2008 ACM-SIGMETRICS International Conference on Measurement and Model-ing of Computer Systems [C ] . New York, USA , 2008 , 265 - 276 .

MAROUF S , SHEHAB M , SQUICCIARINI A . Adaptive reordering and clustering-based framework for efficient XACML policy evalua-tion [J ] . IEEE Transactions on Services Computing , 2011 , 10 ( 4 ): 300 - 313 .

王雅皙，冯登国，张立武 . 基于多层次优化技术的XACML策略评估引擎 [J ] . 软件学报， 2011 , 22 ( 2 ): 323 - 338 .

WANG Y Z , FENG D G , ZHANG L W . XACML policy evaluation engine based on multi-level optimization technology [J ] . JJournal of Software , 2011 , 22 ( 2 ): 323 - 338 .

王雅皙，冯登国 . 一种XACML规则冲突及冗余分析方法 [J ] . 计算机学报， 2009 , 32 ( 3 ): 516 - 530 .

WANG Y Z , FENG D G . A conflict and redundancy analysis method for XACML rules [J ] . Chinese Journal of Computers , 2009 , 32 ( 3 ): 516 - 530 .

STEPIEN B , MATWIN S , FELTY A . An algorithm for compression of XACML access control policy sets by recursive subsumption [A ] . 2012 Seventh International Conference on Availability, Reliability and Se-curity [C ] . Ottawa, Canada , 2012 , 161 - 167 .

PHILIP L , MISELDINE S A , KARLSRUHE . Automated xacml policy reconfiguration for evaluation optimization [A ] . Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems [C ] New York, USA , 2008 . 1 - 8 .

TURKMEN F , CRISPO B . Performance evaluation of XACML PDP implementations [A ] . Proceedings of the 2008 ACM Workshop on Se-cure web services [C ] New York, USA , 2008 . 37 - 44 .

XACML 2.0 conformance tests [EB/OL ] . http://www.oasis-open.org/committees/download.php/14846/xacml2.0-ct-v.0.4.zip http://www.oasis-open.org/committees/download.php/14846/xacml2.0-ct-v.0.4.zip .

FISLER K , KRISHNAMURTHI S , MEYEROVICH L . Verification and change impact analysis of access-control policies [A ] . Proceedings of the 27th International Conference on Software Engineering [C ] New York, USA , 2005 . 196 - 205 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据