Abstract
The Enterprise Privacy Authorization Language (EPAL) is a formal language for specifying fine-grained enterprise privacy policies. With the adoption of EPAL, especially in web applications, the performance of EPAL policy evaluation engines becomes a critical issue. In this paper, we propose Eengine, an engine for efficient EPAL policy evaluation. Eengine first converts all string values in an EPAL policy to numerical values. Second, it converts a numericalized EPAL policy specified as a list of rules following the first-match semantics to a tree structure for efficient processing of numericalized requests.
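The two steps named in the abstract, sketched as an added example (not code from the paper or from Eengine): strings are mapped to integers, then an ordered first-match rule list is compiled into a lookup tree whose answers are checked against a linear scan. The rule format, the four attributes used, the sample policy, and every function name are assumptions made for illustration; EPAL hierarchies, conditions and obligations are left out.

```python
ATTRS = ("user", "data", "purpose", "action")
ANY = None      # wildcard: the rule does not constrain this attribute
OTHER = 0       # numeric id for any string the policy never mentions
DEFAULT = "deny"

# Constructed sample policy; the first matching rule wins.
RULES = [
    ({"user": "nurse", "data": "medical-record", "purpose": "treatment", "action": "read"}, "allow"),
    ({"user": "nurse", "data": "medical-record"}, "deny"),
    ({"data": "billing", "purpose": "marketing"}, "deny"),
    ({"user": "clerk", "data": "billing", "action": "read"}, "allow"),
]

def numericalize(rules):
    """Give each distinct string per attribute a small integer id (0 is reserved)."""
    codes = {a: {} for a in ATTRS}
    num_rules = []
    for cond, ruling in rules:
        row = []
        for a in ATTRS:
            v = cond.get(a, ANY)
            row.append(ANY if v is ANY else codes[a].setdefault(v, len(codes[a]) + 1))
        num_rules.append((tuple(row), ruling))
    return codes, num_rules

def build_tree(num_rules, codes, depth=0):
    """Nested dicts keyed by attribute id; filtering keeps rule order, so a leaf
    holds the ruling of the first rule that survives on that path."""
    if depth == len(ATTRS):
        return num_rules[0][1] if num_rules else DEFAULT
    values = [OTHER] + list(codes[ATTRS[depth]].values())
    return {v: build_tree([r for r in num_rules if r[0][depth] in (ANY, v)], codes, depth + 1)
            for v in values}

def evaluate_tree(tree, request, codes):
    """One dictionary lookup per attribute, independent of the number of rules."""
    node = tree
    for a in ATTRS:
        node = node[codes[a].get(request.get(a), OTHER)]
    return node

def evaluate_linear(rules, request):
    """Reference first-match scan over the original string rules."""
    for cond, ruling in rules:
        if all(request.get(a) == v for a, v in cond.items()):
            return ruling
    return DEFAULT

CODES, NUM_RULES = numericalize(RULES)
TREE = build_tree(NUM_RULES, CODES)
```

This naive tree can grow exponentially with the number of attributes, so it illustrates only the semantics-preserving conversion, not an optimized structure.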
Additional information
The work of Qiang Wang was done during his visit to Michigan State University.
Cite this article
Qin, Z., Chen, F., Wang, Q. et al. Towards high performance security policy evaluation. J Supercomput 59, 1577–1595 (2012). https://doi.org/10.1007/s11227-011-0569-5
DOI: https://doi.org/10.1007/s11227-011-0569-5