HPEngine: high performance XACML policy evaluation engine based on statistical analysis

De-hua NIU; Jian-feng MA; Zhuo MA; Chen-nan LI; Lei WANG

doi:10.3969/j.issn.1000-436x.2014.08.025

您当前的位置：

首页 >

文章列表页 >

HPEngine: high performance XACML policy evaluation engine based on statistical analysis

Correspondences | 更新时间：2024-10-11

- HPEngine: high performance XACML policy evaluation engine based on statistical analysis
- Journal on Communications Vol. 35, Issue 8, Pages: 206-215(2014)
- 作者机构：
  
  西安电子科技大学计算机学院，陕西西安 710071
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.1000-436x.2014.08.025
  CLC： TP393
- Online First：2014-08，
  
  Published：25 August 2014
- 稿件说明：
移动端阅览
De-hua NIU, Jian-feng MA, Zhuo MA, et al. HPEngine: high performance XACML policy evaluation engine based on statistical analysis[J]. Journal on Communications, 2014, 35(8): 206-215.
DOI：

De-hua NIU, Jian-feng MA, Zhuo MA, et al. HPEngine: high performance XACML policy evaluation engine based on statistical analysis[J]. Journal on Communications, 2014, 35(8): 206-215. DOI： 10.3969/j.issn.1000-436x.2014.08.025.

摘要

为提高分布式环境下XACML策略评估引擎的效率，提出了新的XACML策略评估引擎HPEngine。该引擎利用基于统计分析的策略优化机制动态精化策略，并将精化的策略由于统计分析的多级缓存机制存储频繁调用的请求结果对、属性和策略信息。仿真结果表明，HPEngine所采用的基文本形式转化为数值形式；同时采用基于统计分析的多级优化机制缩减了策略规模，了匹配速度，整体评估性能优于其他同类系统。降低了引擎和其他功能部件的通信损耗，减少了匹配运算量，提高了匹配速度，整体评估性能优于其他同类系统。

Abstract

To improve the efficiency of the XACML(eXtensible access control markup language) policy evaluation en-gine under distributed environment

a novel XACML policy evaluation engine

HPEngine was proposed. The HPEngine dynamically refined policies based on statistical analysis of the policy optimization mechanism first and transformed text form of policy into numerical afterward. Moreover

the engine adopted the multi-level caching mechanism based on the statistical analysis to store frequently called request-results

attributes and policy information. Emulation results show that multi-level optimization mechanisms based on the statistical analysis applied in HPEngine significantly reduce the size of policies

decrease the communication cost between the engine and other components

lessen the amount of matching op-eration and improve the speed of matching. Comparative analysis demonstrates that HPEngine is obviously better in per-formance than other similar systems.

关键词

Keywords

references

Brief Introduction to XACML [EB/OL ] . https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html .

Sun XACML [EB/OL ] . http://sunxacml.sourceforge.net/ http://sunxacml.sourceforge.net/ .

XACMLight [EB/OL ] . http://sourceforge.net/projects/xacmllight/ http://sourceforge.net/projects/xacmllight/ .

AXESCON XACML [EB/OL ] . http://axescon.com/ax2e/ http://axescon.com/ax2e/ .

Enterprise XACML [EB/OL ] . http://code.google.com/p/enterprise-java-xacml/ http://code.google.com/p/enterprise-java-xacml/ .

BUTLER B , JENNINGS B , FAME D B . XACML policy perfor mance evaluation using a flexible load testing framework [A ] . Proceedings of the 17th ACM conference on Computer and communications security (CCS) [C ] . New York, USA , 2010 , 978 - 980 .

LIU A X , CHEN F , HWANG J H . esigning fast and scalable XACML policy evaluation engines [J ] . IEEE Transactions on Com-puters , 2011 , 60 ( 12 ): 1802 - 1817 .

LIU A X , CHEN F , HWANG J H . XEngine: a fast and scalable XACML policy evaluation engine [A ] . Proceedings of the 2008 ACM-SIGMETRICS International Conference on Measurement and Model-ing of Computer Systems [C ] . New York, USA , 2008 , 265 - 276 .

MAROUF S , SHEHAB M , SQUICCIARINI A . Adaptive reordering and clustering-based framework for efficient XACML policy evalua-tion [J ] . IEEE Transactions on Services Computing , 2011 , 10 ( 4 ): 300 - 313 .

王雅皙，冯登国，张立武 . 基于多层次优化技术的XACML策略评估引擎 [J ] . 软件学报， 2011 , 22 ( 2 ): 323 - 338 .

WANG Y Z , FENG D G , ZHANG L W . XACML policy evaluation engine based on multi-level optimization technology [J ] . JJournal of Software , 2011 , 22 ( 2 ): 323 - 338 .

王雅皙，冯登国 . 一种XACML规则冲突及冗余分析方法 [J ] . 计算机学报， 2009 , 32 ( 3 ): 516 - 530 .

WANG Y Z , FENG D G . A conflict and redundancy analysis method for XACML rules [J ] . Chinese Journal of Computers , 2009 , 32 ( 3 ): 516 - 530 .

STEPIEN B , MATWIN S , FELTY A . An algorithm for compression of XACML access control policy sets by recursive subsumption [A ] . 2012 Seventh International Conference on Availability, Reliability and Se-curity [C ] . Ottawa, Canada , 2012 , 161 - 167 .

PHILIP L , MISELDINE S A , KARLSRUHE . Automated xacml policy reconfiguration for evaluation optimization [A ] . Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems [C ] New York, USA , 2008 . 1 - 8 .

TURKMEN F , CRISPO B . Performance evaluation of XACML PDP implementations [A ] . Proceedings of the 2008 ACM Workshop on Se-cure web services [C ] New York, USA , 2008 . 37 - 44 .

XACML 2.0 conformance tests [EB/OL ] . http://www.oasis-open.org/committees/download.php/14846/xacml2.0-ct-v.0.4.zip http://www.oasis-open.org/committees/download.php/14846/xacml2.0-ct-v.0.4.zip .

FISLER K , KRISHNAMURTHI S , MEYEROVICH L . Verification and change impact analysis of access-control policies [A ] . Proceedings of the 27th International Conference on Software Engineering [C ] New York, USA , 2005 . 196 - 205 .

Views

438

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

No data

Related Author

No data

Related Institution

No data

AI问答

⁰