Abstract
XACML (eXtensible Access Control Markup Language) is an XML-based access control language that has been standardized by OASIS. In this language, every entity involved in access control (i.e. users, resources, actions and environment) is specified by a set of attributes. The specification also describes an architecture that explains how the policy decision point (PDP) retrieves the attribute values it needs when it evaluates the policy to reach its authorization decision. In this paper, we show that retrieving attribute values synchronously, as stated in the XACML specification, can be a performance bottleneck for the authorization decision-making process. This is especially true when retrieving an attribute value takes a long time and when changes to this value do not frequently affect the policy result. We therefore propose an improvement to the XACML architecture. It uses an asynchronous approach that accelerates the decision-making process when the PDP deals with expressions that include such attributes. Experimental results prove that performance is improved.
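The contrast the abstract draws, as an added sketch that is not code from the paper: a PDP that retrieves a slow attribute inside every request, beside one that uses a condition result pushed by a monitor outside the request path. The class names, the `load_at` attribute, the threshold, the polling period, the freshness limit and the monitor failure are all assumptions made for illustration.

```python
THRESHOLD = 80        # assumed policy condition: Permit while load < 80
POLL_EVERY = 10       # assumed monitor sampling period (seconds)
MAX_AGE = 15          # assumed freshness limit for a pushed result (seconds)

def load_at(t):
    """Constructed slow attribute: stable at 30, rises to 95 at t=65."""
    return 30 if t < 65 else 95

class SyncPDP:
    """Retrieves the attribute inside every decision request."""
    def __init__(self, source):
        self.source, self.fetches = source, 0
    def decide(self, now):
        self.fetches += 1                      # the request blocks on this retrieval
        return "Permit" if self.source(now) < THRESHOLD else "Deny"

class AsyncPDP:
    """Uses the condition result last pushed by a monitor, outside the request path."""
    def __init__(self):
        self.result, self.stamp = None, None
    def notify(self, value, now):
        self.result, self.stamp = value < THRESHOLD, now
    def decide(self, now):
        if self.stamp is None or now - self.stamp > MAX_AGE:
            return "Indeterminate"             # missing or stale: never reuse an old Permit
        return "Permit" if self.result else "Deny"

def run_demo():
    sync, asyn = SyncPDP(load_at), AsyncPDP()
    monitor_fetches, lagging, indeterminate = 0, 0, 0
    for t in range(100):                       # one access request per second
        if t % POLL_EVERY == 0 and t <= 80:    # constructed failure: monitor stops after t=80
            asyn.notify(load_at(t), t)
            monitor_fetches += 1
        s, a = sync.decide(t), asyn.decide(t)
        lagging += (s == "Deny" and a == "Permit")
        indeterminate += (a == "Indeterminate")
    return {"sync_fetches": sync.fetches, "monitor_fetches": monitor_fetches,
            "lagging_permits": lagging, "indeterminate": indeterminate}

if __name__ == "__main__":
    print(run_demo())
```

In this constructed run the asynchronous PDP needs 9 retrievals instead of 100, at the price of a bounded window in which a pushed Permit lags the real value; the freshness limit turns a silent monitor into Indeterminate rather than a standing Permit.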
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Laborde, R., Desprats, T. (2008). An Extension of XACML to Improve the Performance of Decision Making Processes When Dealing with Stable Conditions. In: Boursas, L., Carlson, M., Hommel, W., Sibilla, M., Wold, K. (eds) Systems and Virtualization Management. Standards and New Technologies. SVM 2008. Communications in Computer and Information Science, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88708-9_2
DOI: https://doi.org/10.1007/978-3-540-88708-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88707-2
Online ISBN: 978-3-540-88708-9
eBook Packages: Computer Science (R0)