Abstract
This paper proposes an XACML (Extensible Access Control Markup Language) policy optimization algorithm, based on the Venn diagram method of set theory, to increase the efficiency of policy evaluation. A three-layer structure model for XACML is constructed. The policies and rules in the layers are mapped into sets and expressed with Venn diagrams. According to the decision result of each layer and by setting the combining algorithm priority, the conflicts and redundancies among access control policies and rules are detected and eliminated based on the intersection and union relations between sets. Experimental tests carried out under the main evaluation engines show that the algorithm can effectively decrease the evaluation time and reduce memory space occupancy as well.
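The set view described in the abstract can be illustrated with a short added example; it is not the paper's algorithm or code. It assumes rule targets are enumerable sets of (subject, resource, action) requests, models only deny-overrides and permit-overrides as a winning effect, ignores Indeterminate results, and uses constructed rule names and attribute values.

```python
from itertools import product

def rule(rid, effect, subjects, resources, actions):
    # Map a rule target to the set of (subject, resource, action) requests it matches.
    return (rid, effect, frozenset(product(subjects, resources, actions)))

def find_conflicts(rules):
    # Conflict: two rules with different effects whose sets intersect.
    return [(a[0], b[0]) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a[1] != b[1] and a[2] & b[2]]

def optimise(rules, winner="Deny"):
    # winner="Deny" models deny-overrides, winner="Permit" models permit-overrides.
    winning = frozenset().union(*(s for _, e, s in rules if e == winner))
    # Conflict elimination: the losing effect keeps only requests the winner never matches.
    trimmed = [(r, e, s if e == winner else s - winning) for r, e, s in rules]
    kept, covered = [], {"Permit": set(), "Deny": set()}
    # Redundancy elimination: largest sets first, drop a rule already covered
    # by the union of kept rules with the same effect.
    for r, e, s in sorted(trimmed, key=lambda t: -len(t[2])):
        if s and not s <= covered[e]:
            kept.append((r, e, s))
            covered[e] |= s
    return kept

def decide(rules, request, winner="Deny"):
    # Simplified evaluation: collect the effects of all matching rules and combine them.
    effects = {e for _, e, s in rules if request in s}
    if not effects:
        return "NotApplicable"
    return winner if winner in effects else effects.pop()

# Constructed sample policy (hypothetical subjects, resources and actions).
RULES = [
    rule("R1", "Permit", {"doctor", "nurse"}, {"record"}, {"read"}),
    rule("R2", "Deny", {"nurse"}, {"record"}, {"read", "write"}),
    rule("R3", "Permit", {"doctor"}, {"record"}, {"read"}),  # subset of R1
    rule("R4", "Deny", {"nurse"}, {"record"}, {"write"}),    # subset of R2
]
REQUESTS = list(product({"doctor", "nurse", "admin"}, {"record"}, {"read", "write"}))

if __name__ == "__main__":
    print("conflicts:", find_conflicts(RULES))
    for r, e, s in optimise(RULES):
        print(r, e, sorted(s))
```

Comparing decide() on the original and optimised rule sets over every request is the check that the smaller policy grants and denies exactly what the original did.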
Acknowledgments
This research work is financially supported by the National Natural Science Foundation of China (grant No. 61402244 and 61371111), the Nantong Municipal Application Research Foundation of China (No. GY2015012), and the Funds of Natural Science Research (No. 15z06) and the Doctoral Start-up Scientific Research (No. 15B10) from Nantong University.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Lu, Q., Chen, J., Ma, H., Chen, W. (2016). XACML Policy Optimization Algorithm Based on Venn Diagram. In: Huang, DS., Jo, KH. (eds) Intelligent Computing Theories and Application. ICIC 2016. Lecture Notes in Computer Science, vol 9772. Springer, Cham. https://doi.org/10.1007/978-3-319-42294-7_61
DOI: https://doi.org/10.1007/978-3-319-42294-7_61
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-42293-0
Online ISBN: 978-3-319-42294-7
eBook Packages: Computer Science, Computer Science (R0)