Towards high performance security policy evaluation

Authors:
Zheng Qin;Fei Chen;Qiang Wang;Alex X. Liu;Zhiguang Qin
Affiliations:
College of Software, Hunan University, Changsha, China 410082;Department of Computer Science and Engineering, Michigan State University, East Lansing, USA 48824-1266;Department of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China 610054;Department of Computer Science and Engineering, Michigan State University, East Lansing, USA 48824-1266;Department of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China 610054
Venue:
The Journal of Supercomputing
Year:
2012

Citing 14
Cited 0

Fast Firewall Implementations for Software and Hardware-Based Routers

ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
Firewall Design: Consistency, Completeness, and Compactness

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Unification in Privacy Policy Evaluation - Translating EPAL into Prolog

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Towards Standardized Web Services Privacy Technologies

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Specifying privacy policies with P3P and EPAL: lessons learned

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Conflict and combination in privacy policy languages

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Enterprise privacy promises and enforcement

WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
CPOL: high-performance policy evaluation

Proceedings of the 12th ACM conference on Computer and communications security
The secondary and approximate authorization model and its application to Bell-LaPadula policies

Proceedings of the eleventh ACM symposium on Access control models and technologies
Packet classifiers in ternary CAMs can be smaller

SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
A comparison of two privacy policy languages: EPAL and XACML

Proceedings of the 3rd ACM workshop on Secure web services
Structured firewall design

Computer Networks: The International Journal of Computer and Telecommunications Networking
Xengine: a fast and scalable XACML policy evaluation engine

SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Authorization recycling in RBAC systems

Proceedings of the 13th ACM symposium on Access control models and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Enterprise Privacy Authorization Language (EPAL) is a formal language for specifying fine-grained enterprise privacy policies. With the adoption of EPAL, especially in web applications, the performance of EPAL policy evaluation engines becomes a critical issue. In this paper, we propose Eengine, an engine for efficient EPAL policy evaluation. Eengine first converts all string values in an EPAL policy to numerical values. Second, it converts a numericalized EPAL policy specified as a list of rules following the first-match semantics to a tree structure for efficient processing of numericalized requests.