An evaluation and optimization method of xacml security policy

A security policy and optimization method technology, applied in the field of optimization, can solve the problems of high system resource overhead, many remote communication interactions, and the inability to meet the high business throughput of commercial applications, so as to achieve the effect of enhancing system availability, flexibility and usability
CN104836807BActive Publication Date: 2018-12-18CHINA ELECTRIC POWER RES INST +3
5 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA ELECTRIC POWER RES INST
Publication Date
2018-12-18

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides an evaluation and optimization method for an XACML (Extensible Access Control Markup Language) security strategy. The method comprises the following steps of: eliminating a redundancy rule; establishing a judgment result buffer pool and an XACML security strategy buffer pool; and dynamically changing the position of an XACML security strategy / rule. Specific to the performance defects and functional defects along with increase in the complexity of the strategy scale and strategy semantics in an existing XACML standard, the XACML security strategy evaluation and optimization method based on strategy redundancy elimination, caching and reordering is provided. Through adoption of the method, relevant optimum processing methods such as strategy analysis, rule matching and judgment response can be provided for performing fine-grained access control on resources; the efficiency during solving of the problems of strategy information retrieval, multi-strategy matching and the like with an XACML security strategy evaluation engine is increased effectively; and the system availability is enhanced. Moreover, the method can adapt to various strategy merging algorithms, and has high flexibility and availability.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to an optimization method, in particular to an evaluation and optimization method of an XACML security policy. Background technique

[0002] The access control markup language XACML (extensible access control markup language) has gradually become the actual standard for many enterprise applications and commercial products to implement security authorization functions. Emerging businesses such as distributed resource sharing, Web services, and inter-domain collaboration need to formulate a large number of XACML policy entries to implement fine-grained access control on resources. However, with the increase in policy size and policy semantic complexity, policy evaluation efficiency has become a constraint on system availability. key bottleneck. Although the XACML specification provides an implementation framework for access control, it does not provide related optimization processing methods such as policy analysis, rule matching, ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More