授权服务中策略决策点的高效评估方法

doi:10.3969/j.issn.1001-2400.2013.06.019

Abstract

Abstract:

In authorization service, the efficiency of evaluation of a PDP(policy decision point) is a key issue that affects the efficiency of authorization service. However, the efficiencies of evaluation of many PDPs available are frequently influenced by the factors of conditions in rules. Said Marouf et al put forward a method in which the evaluation speed can be increased by adjusting the rules in policies according to user history access records. This paper analyzes the shortcomings of this method in real-time applications, and proposes that the rules order in policies can be instantaneously adjusted by user history access records and indexes as well as self-adaptation are added to a PDP so that the evaluation speed can be increased substantially. Experimental results indicate that when there are 9795 rules in a PDP, the evaluation time and the time consumption taken for a PDP applied with indexes and self-adaptation to complete an authorized operation call are shortened by 93.33％ and 76.32％ respectively, compared with those for a PDP which is not applied with indexes and self-adaptation. When the number of repeat visits from the same user is 7, the time consumption taken for a PDP applied with indexes and adaptation to complete an authorized operation call is shortened by 24.29％ compared with that for a PDP which is applied with indexes only.

Key words: authorization service, policy decision point, efficiency of evaluation, index, self-adaptation

CLC Number:

TP391

DENG Fan;CHEN Ping;ZHANG Liyong;WANG Xianqing; LI Sunde;WANG Bin. Study of high efficiency of evaluation of a PDP in authorization service[J].J4, 2013, 40(6): 105-110.

References

［1］ Bell M. SOA Modeling Patterns for Service-Oriented Discovery and Analysis［M］. New Jersey: John Wiley ＆ Sons, 2010: 390.
［2］ Alzahrani A, Janicke H, Abubaker S. Decentralized XACML Overlay Network［C］//The 10th IEEE International Conference on Computer and Information Technology. Piscataway: IEEE, 2010: 1032-1037.
［3］ Liu A, Chen F, Hwang J, et al. Designing Fast and Scalable XACML Policy Evaluation Engines［J］. IEEE Transactions on Computers, 2011, 60(12): 1802-1817.
［4］ Marouf S, Shehab M, Squicciarini A, et al. Adaptive Reordering ＆ Clustering Based Framework for Efficient XACML Policy Evaluation［J］. IEEE Transactions on Services Computing, 2011, 4(4): 300-313.
［5］王雅哲, 冯登国, 张立武, 等. 基于多层次优化技术的XACML策略评估引擎［J］. 软件学报, 2011, 22(2): 323-338.
Wang Yazhe, Feng Dengguo, Zhang liwu, et al. XACML Policy Evaluation Engine Based on Multi-Level Optimization Technology［J］. Journal of Software, 2011, 22(2): 323-338.
［6］ Le Traon Y, Mouelhi T, Pretschner A, et al. Test-driven Assessment of Access Control in Legacy Applications［C］//International Conference on Software Testing, Verification, and Validation. Piscataway: IEEE, 2008: 238-247.
［7］ Mouelhi T, Fleurey F, Baudry B, et al. A Model-based Framework for Security Policy Specification, Deployment and Testing［C］//The 11th International Conference on Model Driven Engineering Languages and Systems. Heidelberg: Springer-Verlag, 2008: 537-552.
［8］ Mouelhi T, Traon Y L, Baudry B. Transforming and Selecting Functional Test Cases for Security Policy Testing［C］//International Conference on Software Testing, Verification and Vahidation. Piscataway: IEEE, 2009: 171-180.
［9］ Martin E, Xie Tao. Automated Test Generation for Access Control Policies［C］//International Workshop on Software Engineering for Secure Systems. Piscataway: IEEE, 2006: 752-753.
［10］ Bertolino A, Daoudagh S, Lonetti F, et al. Automatic XACML Requests Generation for Policy Testing［C］//IEEE 5th International Conference on Software Testing, Verification and Validation. Piscataway: IEEE, 2012: 842-849.

[1]	LI Yuewu,HU Jianwang,JI Bing. New index for evaluation of the accuracy of the track fusion algorithm [J]. Journal of Xidian University, 2020, 47(1): 111-119.
[2]	LIU Wanling,XIAO Chengzhi,FU Yanggeng. Extended belief rule base inference method based on the Hash index [J]. Journal of Xidian University, 2019, 46(2): 145-151.
[3]	YUAN Tong;LIU Zhijing;LIU Hui. Optimizing the parallel adaptive indexing algorithm on multi-core CPUs [J]. Journal of Xidian University, 2016, 43(5): 57-62.
[4]	LIU Juanni;ZHOU Quan. SMVQ-index classified coding for lossless data hiding [J]. Journal of Xidian University, 2016, 43(5): 128-132+146.
[5]	MA Hongjin;NIE Yufeng. Anisotropic diffusion denoising method based on image feature enhancement [J]. J4, 2015, 42(5): 154-160.
[6]	MA Yanping;JI Guangrong;ZOU Hailin;XIE Hongtao. Data-oriented multi-index Hashing [J]. J4, 2015, 42(4): 159-164.
[7]	CUI Jiang-tao;GUO Yong;LI Guang-xin. Efficient video indexing method using dynamic distance measure for the principal component [J]. J4, 2009, 36(6): 1086-1091.
[8]	. Study of safety factors and non-probabilistic reliability measures of structures [J]. J4, 2009, 36(5): 916-920.
[9]	MA Juan;CHEN Jian-jun;XU Ya-lan;CUI Ming-tao. Analysis of the finite element and the reliability of the structures with fuzzy-random parameters based on the two-factor method [J]. J4, 2009, 36(1): 69-739.
[10]	MA Jia-jun;CAO Xiang-Yu;LIU Tao. Analysis of the double negative media based on the Drude model using the FDTD method [J]. J4, 2007, 34(7): 144-147.
[11]	CUI Jiang-tao(1);SUN Jun-ding(1;2);ZHOU Li-hua(1). An efficient high-dimensional image indexing method for relevance feedback [J]. J4, 2006, 33(1): 62-65.
[12]	ZHAO Heng;YANG Wan-hai;ZHANG Gao-yu. Fuzzy K-Harmonic Means clustering algorithm [J]. J4, 2005, 32(4): 603-606.
[13]	LI Xiao-jun1;ZHU Xiao-long2;ZHANG Xian-da2. Blind source separation: classification and frontiers [J]. J4, 2004, 31(3): 399-404.
[14]	WEI Xian-biao1;2;YU Li1. On the solvability of finite groups based on normal indexes [J]. J4, 2004, 31(2): 300-303.

Study of high efficiency of evaluation of a PDP in authorization service

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 14

Metrics

Comments

Recommended 0