First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
Mining association rules from XML data using XQuery
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
Similarity evaluation on tree-structured data
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Enforcing Privacy by Means of an Ontology Driven XACML Framework
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Static verification of access control model for AXML documents
APWeb/WAIM'07 Proceedings of the joint 9th Asia-Pacific web and 8th international conference on web-age information management conference on Advances in data and web management
Towards personal privacy control
OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems - Volume Part II
Companion of the 30th international conference on Software engineering
Statistics & clustering based framework for efficient XACML policy evaluation
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Idea: efficient evaluation of access control constraints
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Refactoring access control policies for performance improvement
ICPE '12 Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Hi-index | 0.00 |
We present a programmatic approach to the optimisation of XACML policies that specifies how a set of access control rules should be best represented for optimised evaluation. The work assumes no changes to the current XACML specification and methods of interpretation shall be made, so that those who consume XACML are unaffected structurally, and those that generate XACML can provide optimised output. Discussion regarding the flexibility of the XACML specification to describe the same access rules with different policy configurations is presented, and is used to formulate a comprehensive analysis of the evaluation costs the possible policy configurations will produce. This leads to the specification of methods that can be employed to produce optimal forms of policy description. These are implemented and evaluated to show the benefits of the approach proposed.