An Extension of XACML to Improve the Performance of Decision Making Processes When Dealing with Stable Conditions

  • Conference paper
Systems and Virtualization Management. Standards and New Technologies (SVM 2008)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 18)

Abstract

XACML (eXtensible Access Control Markup Language) is an XML-based language for access control that has been standardized by OASIS. In this language, every entity involved in access control (i.e. users, resources, actions and environment) is specified by a set of attributes. The specification also describes an architecture that explains how the policy decision point (PDP) retrieves the attribute values it needs when it evaluates the policy to reach its authorization decision. In this paper, we show that retrieving attribute values synchronously, as stated in the XACML specification, can be a bottleneck for the performance of the authorization decision making process. This is especially true when retrieving an attribute value takes a long time and when changes to this value do not frequently affect the policy result. We therefore propose an improvement of the XACML architecture. It uses an asynchronous approach that accelerates the decision making process when the PDP deals with expressions that include such attributes. Experimental results prove that the performance is improved.

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Laborde, R., Desprats, T. (2008). An Extension of XACML to Improve the Performance of Decision Making Processes When Dealing with Stable Conditions. In: Boursas, L., Carlson, M., Hommel, W., Sibilla, M., Wold, K. (eds) Systems and Virtualization Management. Standards and New Technologies. SVM 2008. Communications in Computer and Information Science, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88708-9_2

  • DOI: https://doi.org/10.1007/978-3-540-88708-9_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88707-2

  • Online ISBN: 978-3-540-88708-9

  • eBook Packages: Computer Science, Computer Science (R0)
