An efficient policy evaluation engine with locomotive algorithm
Fan Deng (1), Zhenhua Yu (1), Houbing Song (2), Rongyi Zhao (3), Qi Zheng (3), Zhenyu Li (3), Huansheng He (3), Yixin Zhang (3), Fangzhi Guo (3)

Received: 27 March 2020 / Revised: 20 October 2020 / Accepted: 30 October 2020
Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

The evaluation performance of the PDP (policy decision point), especially on large-scale policy sets, is one of the most significant challenges in XACML (eXtensible Access Control Markup Language). Because evaluating policies is time-consuming and storing them takes extensive space, large-scale policy sets become ever more complicated to handle when their evaluation performance must be improved. Based on numericalization and batch processing, a new locomotive algorithm is proposed and used to design and implement a novel policy evaluation engine called XDPNBE, which can efficiently deal with large-scale policy sets and make authorization decisions in multiple circumstances. XDPNBE enables efficient decisions within an attribute-based access control framework and substantially improves evaluation performance. Using simulated requests, XDPNBE is compared with the Sun PDP, XEngine, HPEngine and SBA-XACML. Experimental results show that when the number of requests reaches 10,000, the evaluation time of XDPNBE on a large-scale policy set with 120,000 rules is approximately 0.21%, 4.69%, 5.67% and 9.66% of that of the Sun PDP, XEngine, HPEngine and SBA-XACML, respectively.

Keywords: Evaluation performance; Locomotive algorithm; Policy decision point (PDP); XACML
Corresponding authors: Zhenhua Yu ([email protected]), Houbing Song ([email protected])

1 Institute of Systems Security and Control, School of Computer Science and Technology, Xi’an University of Science and Technology, Xi’an 710054, China
2 Department of Electrical, Computer, Software, and Systems Engineering, Embry-Riddle Aeronautical University, Daytona Beach, FL 32114, USA
3 School of Computer Science and Technology, Xidian University, Xi’an 710071, China

1 Introduction

Attribute-based access control (ABAC) is a significant security component of an SOA (Service Oriented Architecture) software system; it defines an access control paradigm in which access rights are granted to users according to combinations of their attributes. Access control is an important security mechanism for protecting sensitive information and the resources of an authorization system [1, 2]. The operating efficiency of an authorization service is determined by the evaluation performance of the PDP (policy decision point), which is a vital component of an access control model. The PDP must load a policy set composed of a large number of policies, and its evaluation performance degrades seriously as the policy set grows larger and larger. This problem puts authorization service systems in a challenging position [3]. A large-scale policy set is a major bottleneck to improving PDP evaluation performance in an authorization system because of its flexible constructio
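As an added illustration (this is not code from the paper, and it is neither the XDPNBE engine nor its locomotive algorithm), the following Python sketch shows why a large rule set is a bottleneck for a PDP and why indexing rules by attribute value helps: a minimal XACML-style evaluator with first-applicable rule combining, first as a naive scan of the whole policy and then with rules bucketed by one attribute so that a request only touches the rules that could match it. The rule format, the attribute names (resource-id, action, role) and the generated sample policy are all constructed for this example; the only point carried over from the text is that evaluation cost grows with the number of rules the PDP must examine per request.

```python
"""Minimal XACML-style ABAC policy decision point (PDP), naive vs. indexed.

Added illustration only: NOT the paper's XDPNBE engine or locomotive
algorithm.  Rule format, attribute names and the sample policy are constructed.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# A rule is (constraints, effect).  Constraints map attribute name -> required
# value; an attribute absent from the constraints is a wildcard (matches any).
Rule = Tuple[Dict[str, str], str]
Request = Dict[str, str]

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


def matches(rule: Rule, request: Request) -> bool:
    """Target match: every constrained attribute must equal the request's value."""
    constraints, _ = rule
    return all(request.get(k) == v for k, v in constraints.items())


def evaluate_naive(rules: List[Rule], request: Request) -> Tuple[str, int]:
    """First-applicable combining over the whole ordered rule list.
    Returns (decision, number of rules examined)."""
    examined = 0
    for rule in rules:
        examined += 1
        if matches(rule, request):
            return rule[1], examined
    return NOT_APPLICABLE, examined


class IndexedPDP:
    """Buckets rules by the value of one key attribute.  Rules that leave the
    key unconstrained go into a wildcard bucket.  Rule indices are kept so the
    original policy order, which first-applicable combining depends on, is
    restored before scanning the candidates."""

    def __init__(self, rules: List[Rule], key: str):
        self.rules = rules
        self.key = key
        self.buckets: Dict[str, List[int]] = defaultdict(list)
        self.wildcard: List[int] = []
        for i, (constraints, _) in enumerate(rules):
            if key in constraints:
                self.buckets[constraints[key]].append(i)
            else:
                self.wildcard.append(i)

    def evaluate(self, request: Request) -> Tuple[str, int]:
        """Same decision as evaluate_naive, but only candidate rules are examined.
        A request lacking the key attribute can only match wildcard rules."""
        candidates = list(self.wildcard)
        value = request.get(self.key)
        if value is not None:
            candidates += self.buckets.get(value, [])
        candidates.sort()  # restore policy order for first-applicable
        examined = 0
        for i in candidates:
            examined += 1
            if matches(self.rules[i], request):
                return self.rules[i][1], examined
        return NOT_APPLICABLE, examined


def build_sample_policy(n_resources: int) -> List[Rule]:
    """Constructed sample policy: for each resource, analysts may read and
    editors may write; a final catch-all rule denies everything else."""
    rules: List[Rule] = []
    for i in range(n_resources):
        rid = f"doc-{i}"
        rules.append(({"resource-id": rid, "action": "read", "role": "analyst"}, PERMIT))
        rules.append(({"resource-id": rid, "action": "write", "role": "editor"}, PERMIT))
    rules.append(({}, DENY))  # wildcard catch-all, must stay last
    return rules


if __name__ == "__main__":
    policy = build_sample_policy(1000)          # 2001 rules
    pdp = IndexedPDP(policy, "resource-id")
    req = {"resource-id": "doc-999", "action": "read", "role": "analyst"}
    print("naive  :", evaluate_naive(policy, req))   # Permit after 1999 rules
    print("indexed:", pdp.evaluate(req))             # Permit after 1 rule
```

The decisions of the two evaluators must agree for every request; only the number of rules touched differs, and that number is what a PDP's evaluation time scales with. Bucketing on one attribute is the simplest form of this idea; a real engine would index on several attributes and has to treat every unconstrained attribute as a wildcard in each index, as the catch-all rule shows here.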