XACBench: a XACML policy benchmark
METHODOLOGIES AND APPLICATION
Shayan Ahmadi¹ · Mohammad Nassiri¹ · Mohsen Rezvani²
© Springer-Verlag GmbH Germany, part of Springer Nature 2020
Abstract
The XACML standard defines a declarative language for specifying access control policies, which are critical for deploying security solutions. It is important to evaluate the performance of policies defined in XACML for applications such as policy enforcement efficiency, policy refinement, anomaly detection, conflict resolution, and policy similarity assessment. For security and confidentiality reasons, policy sets available for such evaluations are very rare. Moreover, these policy sets are created gradually, so obtaining large and effective policy sets in a short time is a challenging and daunting task. In this paper, we present XACBench, a suite of tools for both generating synthetic XACML policies and benchmarking policy evaluation algorithms. To this end, XACBench first extracts, models and generalizes some statistical properties of an input policy, which together are called the policy profile. This profile helps generate policies in a way that accurately simulates the statistical properties of the input policy. XACBench then generates synthetic policies of any desired length based on the profile. It also provides a simple mechanism for controlling the correlation between the generated policies and the input policy with respect to the extracted policy profile. Experimental results demonstrate that our approach is efficient and scalable to various policy lengths as well as input policies.

Keywords Access control · XACML · Synthetic policy · Security policy · Policy evaluation
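Added example, not XACBench's own code: the extract-a-profile-then-generate pipeline described in the abstract, written in Python for XACML 3.0 policies. The profile contents (rule-effect, matches-per-rule and attribute/value frequencies), all function names and the sample policy are assumptions made here, since this page does not say which statistics XACBench profiles; the input is assumed to contain at least one rule and to use string-valued AttributeDesignator matches.

```python
import random
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape, quoteattr

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STR = "http://www.w3.org/2001/XMLSchema#string"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ALG = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
q = lambda tag: f"{{{NS}}}{tag}"  # namespace-qualified tag for ElementTree

def rule_xml(rule_id, effect, matches):
    """One rule whose target is a conjunction of string-equal subject matches."""
    body = "".join(
        f'<Match MatchId="{EQ}"><AttributeValue DataType="{STR}">{escape(val)}'
        f'</AttributeValue><AttributeDesignator AttributeId={quoteattr(attr)} '
        f'Category="{CAT}" DataType="{STR}" MustBePresent="false"/></Match>'
        for attr, val in matches)
    target = f"<Target><AnyOf><AllOf>{body}</AllOf></AnyOf></Target>" if body else ""
    return f'<Rule RuleId="{rule_id}" Effect="{effect}">{target}</Rule>'

def policy_xml(policy_id, rules):
    return (f'<Policy xmlns="{NS}" PolicyId="{policy_id}" Version="1.0" '
            f'RuleCombiningAlgId="{ALG}"><Target/>{"".join(rules)}</Policy>')

def extract_profile(xml_text):
    """Assumed profile: effect, matches-per-rule and (attribute, value) counts."""
    prof = {"effect": Counter(), "matches": Counter(), "pairs": Counter()}
    for rule in ET.fromstring(xml_text).iter(q("Rule")):
        found = [m for m in rule.iter(q("Match")) if m.find(q("AttributeDesignator")) is not None]
        prof["effect"][rule.get("Effect")] += 1
        prof["matches"][len(found)] += 1
        prof["pairs"].update((m.find(q("AttributeDesignator")).get("AttributeId"),
                              m.find(q("AttributeValue")).text or "") for m in found)
    return prof

def generate(profile, n_rules, seed=0):
    """Sample rules from the profile; pairs are drawn independently of each other."""
    rng = random.Random(seed)
    draw = lambda c: rng.choices(list(c), weights=list(c.values()))[0]
    rules = [rule_xml(f"syn-{i}", draw(profile["effect"]),
                      [draw(profile["pairs"]) for _ in range(draw(profile["matches"]))])
             for i in range(n_rules)]
    return policy_xml("synthetic", rules)

# Constructed sample input policy (not from the paper or its repository).
SAMPLE = policy_xml("sample", [rule_xml("r1", "Permit", [("role", "doctor"), ("ward", "icu")]),
                               rule_xml("r2", "Permit", [("role", "nurse")]),
                               rule_xml("r3", "Deny", [("role", "guest")])])
```

Re-running `extract_profile` on the output of `generate` gives a direct check of how closely a synthetic policy of any length tracks the input policy's statistics.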
1 Introduction
Due to the tremendous growth of web applications, access control policy languages for such applications, which provide adequate security and privacy support, have received considerable attention. Access control in web applications includes monitoring users' access to existing resources in a system. In other words, after a user has been authenticated at login, the access control unit ensures that the user can access only those system resources that are considered to be allowed for that user. The eXtensible Access Control Markup Language (XACML) is an XML-based, declarative language standardized by the Organization for the Advancement of Structured Information Standards (OASIS) to express security policies, request context, and response context statements (all written in XML) (OASIS 2013). The XACML standard (particularly version 3.0) also provides a rich data model for specifying the complex conditions, arbitrary attribute types, hierarchic

Communicated by V. Loia.
The XACBench tools are publicly available at the following site: https://github.com/nassirim/xacBench.

1 Faculty of Engineering, Bu-Ali Sina University, Hamedan, Iran
2 Faculty of Computer Engineering, Shahrood University of Technology, Shahrood, Iran