Extensible access control markup language (XACML) strategy assessment engine system based on various optimization mechanisms

A policy evaluation and policy technology, applied in the field of network and information security, can solve the problems of low XACML policy evaluation efficiency, inability to guarantee cached content, frequent calls, etc., to reduce the amount of calculation, reduce communication loss, and improve efficiency.

Active Publication Date: 2013-07-10
XIDIAN UNIV
View PDF4 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the XACML policy evaluation engine system with multi-level optimization technology proposed by Chinese scholar Wang Yazhe and others improves the efficiency of XACML policy evaluation, the system cannot guarantee that the cached content must be called frequently, and its XACML policy matching is still a string comparison , so the efficiency of XACML policy evaluation is low, and it cannot meet the requirements of making correct decisions in a timely manner for access requests sent by a large number of users simultaneously in distributed environments such as cloud computing and social networks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Extensible access control markup language (XACML) strategy assessment engine system based on various optimization mechanisms
  • Extensible access control markup language (XACML) strategy assessment engine system based on various optimization mechanisms
  • Extensible access control markup language (XACML) strategy assessment engine system based on various optimization mechanisms

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] The present invention will be described in further detail below with reference to accompanying drawing

[0057] refer to figure 1 , the present invention mainly includes five functional component units: an audit service unit 1 , a policy management service unit 2 , a policy decision service unit 3 , a policy persistence service unit 4 and an attribute assertion service unit 5 . Among them, the audit service unit 1 records information such as system access requests, request responses, and policy set attribute calls; the policy management service unit 2 provides a centralized graphical policy management platform to complete the basic operations of policies and the refinement of dynamic XACML policies. 1. Numericalization of XACML policies; policy decision service unit 3, based on relevant information obtained from attribute assertion service unit 5 and policy persistence service unit 4, authorizes user access requests; policy persistence service unit 4 stores policies Th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an extensible access control markup language (XACML) strategy assessment engine system based on various optimization mechanisms. The problem that an existing XACML strategy assessment engine system cannot make a correct decision on access requests sent by a large number of users at the same time is solved. The system comprises an audit service (1), a strategy management service (2), a strategy decision service (3), a strategy persistence service (4) and an attribute assertion service (5). The audit service (1) records mutual information of the system. The strategy management service (2) provides a centralization type patterned strategic management platform. The strategy decision service (3) decides a user request. The strategy persistence service (4) provides a strategy storage function and a strategy search function. The attribute assertion service (5) provides an attribute storage function and an attribute search function. The system has the advantages of being high in assessment efficiency, small in matching computing amount, quick in matching speed and easy to integrate, the system can be used in distributed environment and can make the correct decision on the access requests sent by the large number of users.

Description

technical field [0001] The invention belongs to the technical field of network and information security, and relates to XACML policy evaluation technology in a distributed environment, specifically a system for improving the efficiency of XACML policy evaluation in a distributed environment, which can be used for cloud computing, social networks, Web services, etc. Make timely decisions on the access requests of a large number of users in a multi-mode environment. Background technique [0002] XACML (eXtensible Access Control Markup Language) is an extensible access control markup language. It was formulated by OASIS (Organization for the Advancement of Structured Information Standards) in February 2003 to determine the general access of user access requests. Control Strategy Description Language. As an access control policy description language, compared with other access control policy description languages, XACML has the characteristics of versatility, scalability, and p...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06Q10/04
Inventor 牛德华马建峰马卓王蕾李辰楠
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap