Automated xacml policy reconfiguration for evaluation optimisation

Authors:
Philip L. Miseldine
Affiliations:
SAP AG, Karlsruhe, Germany
Venue:
Proceedings of the fourth international workshop on Software engineering for secure systems
Year:
2008

Citing 7
Cited 5

First experiences using XACML for access control in distributed systems

Proceedings of the 2003 ACM workshop on XML security
Mining association rules from XML data using XQuery

ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
Report on the first "XQuery Implementation, Experience and Perspectives" workshop (XIME-P)

ACM SIGMOD Record
Similarity evaluation on tree-structured data

Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Enforcing Privacy by Means of an Ontology Driven XACML Framework

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Static verification of access control model for AXML documents

APWeb/WAIM'07 Proceedings of the joint 9th Asia-Pacific web and 8th international conference on web-age information management conference on Advances in data and web management
Towards personal privacy control

OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems - Volume Part II

The fourth international workshop on software engineering for secure systems: SESS'08 -- a trusted business world

Companion of the 30th international conference on Software engineering
Statistics & clustering based framework for efficient XACML policy evaluation

POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Idea: efficient evaluation of access control constraints

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Refactoring access control policies for performance improvement

ICPE '12 Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering
Graph-based XACML evaluation

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a programmatic approach to the optimisation of XACML policies that specifies how a set of access control rules should be best represented for optimised evaluation. The work assumes no changes to the current XACML specification and methods of interpretation shall be made, so that those who consume XACML are unaffected structurally, and those that generate XACML can provide optimised output. Discussion regarding the flexibility of the XACML specification to describe the same access rules with different policy configurations is presented, and is used to formulate a comprehensive analysis of the evaluation costs the possible policy configurations will produce. This leads to the specification of methods that can be employed to produce optimal forms of policy description. These are implemented and evaluated to show the benefits of the approach proposed.