Elimination of policy conflict to improve the PDP evaluation performance. (15th February 2017)

Record Type:
Journal Article
Title:
Elimination of policy conflict to improve the PDP evaluation performance. (15th February 2017)
Main Title:
Elimination of policy conflict to improve the PDP evaluation performance
Authors:
Deng, Fan
Zhang, Li-Yong
Abstract:
Abstract: In the authorization access control model, the Policy Decision Point (PDP) may make an inappropriate authorization decision or the operating efficiency of the network and information system may be influenced, because there might be conflicts in the policies loaded on the PDP. As a result, the PDP's evaluation performance is affected when it evaluates access requests. In order to detect and eliminate conflicts in a policy and achieve the goal that the PDP can evaluate access requests with high efficiency, a form conflict detecting and eliminating engine is presented. This engine can not only detect and eliminate form conflicts in a policy, but also evaluate access requests. In the form conflict detecting and eliminating engine, a Resource Index Tree is constructed to convert the rules in a policy defined by the XACML to the node information in the Resource Index Tree. On the basis of the dependent relationship of resources, the overlapping relationship of conditions and effect information, form conflicts in a policy are detected and eliminated. Experiments make comparisons of the evaluation performance of the form conflict detecting and eliminating engine with that of the Sun PDP, as well as XEngine and SBA-XACML. Experimental results show that the evaluation performance of the PDP can be greatly improved by eliminating form conflicts in the policies.
Is Part Of:
Journal of network and computer applications. Volume 80(2017)
Journal:
Journal of network and computer applications
Issue:
Volume 80(2017)
Issue Display:
Volume 80, Issue 2017 (2017)
Year:
2017
Volume:
80
Issue:
2017
Issue Sort Value:
2017-0080-2017-0000
Page Start:
45
Page End:
57
Publication Date:
2017-02-15
Subjects:
XACML -- Authorization -- Access control -- Policy conflict -- Policy Decision Point (PDP) -- Evaluation performance
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004
Journal URLs:
http://www.sciencedirect.com/science/journal/10848045
http://www.elsevier.com/journals
DOI:
10.1016/j.jnca.2016.12.001
Languages:
English
ISSNs:
1084-8045
Deposit Type:
Legaldeposit
View Content:
Available online (eLD content is only available in our Reading Rooms)
Physical Locations:
British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
Ingest File:
58.xml