An evaluation and optimization method of XACML security policy

A security policy optimization technology, applied in the field of optimization, that solves the problems of high system resource overhead, many remote communication interactions, and the inability to meet the high business throughput of commercial applications, thereby enhancing system availability, flexibility and usability.

Active Publication Date: 2018-12-18
CHINA ELECTRIC POWER RES INST +3

AI Technical Summary

Problems solved by technology

Emerging businesses such as distributed resource sharing, Web services, and inter-domain collaboration need to formulate a large number of XACML policy entries to implement fine-grained access control on resources. However, as policy size and policy semantic complexity increase, policy evaluation efficiency has become the key bottleneck constraining system availability.
Although the XACML specification provides an implementation framework for access control, it does not provide related optimization processing methods such as policy analysis, rule matching, and judgment response. As a result, an XACML policy evaluation engine shows low actual performance when handling problems such as policy information retrieval and multi-policy matching. This manifests as large system resource overhead, long delays in responding to access requests, and many remote communication interactions, so the engine cannot meet the high business throughput of commercial applications.


Embodiment Construction

[0049] The present invention will be described in further detail below.

[0050] The evaluation and optimization method of an XACML security policy of the present invention comprises the following steps:

[0051] Step 1: Eliminate redundant rules;

[0052] Step 2: Establish the judgment result cache pool and the XACML security policy cache pool;

[0053] Step 3: Dynamically change the location of the XACML security policy / rule.

[0054] In Step 1, the redundant rules existing under the different merging algorithms are first identified and then eliminated.

[0055] When rule $R_i$ applies to a request, rule $R_j$ is bound to apply to that request as well; in this case $R_i$ is said to cover $R_i$, denoted as ; $R_i \cdot effect$ denotes the judgment result of $R_i$, whose value is Permit or Deny. There are the following three situations:

[0056] (1) Under the permission-first merging algorithm, there are

[0057] 1) and $R_j \cdot effect$ = Permit, then R ...
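The following sketch illustrates Step 1 (redundant-rule elimination under the permission-first, i.e. permit-overrides, merging algorithm) and the judgment result cache pool of Step 2. It is an added example, not code from the patent. The `Rule` model, the syntactic `covers` test, the sample policy and the redundancy condition used here (a rule is redundant when a Permit rule applies to every request it applies to) are assumptions, since the patent's own conditions are truncated on this page.

```python
from dataclasses import dataclass
from itertools import product

@dataclass
class Rule:
    name: str
    effect: str   # "Permit" or "Deny"
    target: dict  # attribute -> set of values the rule applies to
    def applies(self, request):
        return all(request.get(a) in vals for a, vals in self.target.items())

def covers(rj, ri):
    # Sufficient syntactic test: rj constrains only attributes that ri also
    # constrains, and at least as loosely, so "ri applies" implies "rj applies".
    return all(a in ri.target and ri.target[a] <= rj.target[a] for a in rj.target)

def permit_overrides(rules, request):
    effects = {r.effect for r in rules if r.applies(request)}
    if "Permit" in effects:
        return "Permit"
    return "Deny" if "Deny" in effects else "NotApplicable"

def eliminate_redundant(rules):
    # Assumed condition: under permit-overrides a rule is redundant if a Permit
    # rule that is still kept covers it. Tracking indices keeps one of two twins.
    alive = set(range(len(rules)))
    for i, ri in enumerate(rules):
        if any(j in alive and j != i and rj.effect == "Permit" and covers(rj, ri)
               for j, rj in enumerate(rules)):
            alive.discard(i)
    return [r for i, r in enumerate(rules) if i in alive]

class CachedPDP:
    def __init__(self, rules):
        self.rules = eliminate_redundant(rules)
        self.cache, self.hits = {}, 0  # must be discarded whenever the policy changes
    def decide(self, request):
        # The key must contain every attribute a rule can test; otherwise two
        # different requests could share one cached decision.
        key = frozenset(request.items())
        if key in self.cache:
            self.hits += 1
        else:
            self.cache[key] = permit_overrides(self.rules, request)
        return self.cache[key]

# Constructed sample policy and request space (not from the patent).
RULES = [Rule("R1", "Permit", {"role": {"admin", "engineer"}}),
         Rule("R2", "Deny", {"role": {"engineer"}, "action": {"write"}}),
         Rule("R3", "Permit", {"role": {"admin"}, "action": {"read"}}),
         Rule("R4", "Deny", {"role": {"guest"}})]
REQUESTS = [{"role": r, "action": a} for r, a in
            product(["admin", "engineer", "guest", "contractor"], ["read", "write"])]

def equivalent(before, after):
    # Safety check: elimination must not change any decision in the request space.
    return all(permit_overrides(before, q) == permit_overrides(after, q) for q in REQUESTS)
```

Running `equivalent` over the whole request space before deploying a reduced policy is the check that matters: a rule removed in error silently changes an authorization decision.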


Abstract

The invention provides an evaluation and optimization method for an XACML (Extensible Access Control Markup Language) security policy. The method comprises the following steps: eliminating redundant rules; establishing a judgment result cache pool and an XACML security policy cache pool; and dynamically changing the position of an XACML security policy / rule. To address the performance and functional defects that appear in the existing XACML standard as policy scale and policy semantic complexity increase, an XACML security policy evaluation and optimization method based on policy redundancy elimination, caching and reordering is provided. The method provides related optimization processing methods such as policy analysis, rule matching and judgment response for fine-grained access control on resources; it effectively increases the efficiency of an XACML security policy evaluation engine when handling problems such as policy information retrieval and multi-policy matching; and it enhances system availability. Moreover, the method can adapt to various policy merging algorithms, and has high flexibility and availability.

Description

Technical field

[0001] The invention relates to an optimization method, in particular to an evaluation and optimization method of an XACML security policy.

Background technique

[0002] The access control markup language XACML (eXtensible Access Control Markup Language) has gradually become the de facto standard for many enterprise applications and commercial products to implement security authorization functions. Emerging businesses such as distributed resource sharing, Web services, and inter-domain collaboration need to formulate a large number of XACML policy entries to implement fine-grained access control on resources. However, as policy size and policy semantic complexity increase, policy evaluation efficiency has become the key bottleneck constraining system availability. Although the XACML specification provides an implementation framework for access control, it does not provide related optimization processing methods such as policy analysis, rule matching, ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0263, H04L63/107
Inventor: 周诚邵志鹏马媛媛汪晨时坚李伟伟楚杰张波黄秀丽戴造建
Owner: CHINA ELECTRIC POWER RES INST