Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Zero-suppressed BDDs for set manipulation in combinatorial problems
DAC '93 Proceedings of the 30th international Design Automation Conference
Multi-Terminal Binary Decision Diagrams: An Efficient DataStructure for Matrix Representation
Formal Methods in System Design
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
Enforcing Privacy by Means of an Ontology Driven XACML Framework
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
XACML Policy Integration Algorithms
ACM Transactions on Information and System Security (TISSEC)
Automated xacml policy reconfiguration for evaluation optimisation
Proceedings of the fourth international workshop on Software engineering for secure systems
Xengine: a fast and scalable XACML policy evaluation engine
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Performance evaluation of XACML PDP implementations
Proceedings of the 2008 ACM workshop on Secure web services
Designing Fast and Scalable XACML Policy Evaluation Engines
IEEE Transactions on Computers
Adaptive Reordering and Clustering-Based Framework for Efficient XACML Policy Evaluation
IEEE Transactions on Services Computing
Introducing concurrency in policy-based access control
Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing
| Hi-index | 0.00 |
The amount of private information in the Internet is constantly increasing with the explosive growth of cloud computing and social networks. XACML is one of the most important standards for specifying access control policies for web services. The number of XACML policies grows really fast and evaluation processing time becomes longer. The XEngine approach proposes to rearrange the matching tree according to the attributes used in the target sections, but for speed reasons they only support equality of attribute values. For a fast termination the combining algorithms are transformed into a first applicable policy, which does not support obligations correctly. In our approach all comparison functions defined in XACML as well as obligations are supported. In this paper we propose an optimization for XACML policies evaluation based on two tree structures. The first one, called Matching Tree, is created for a fast searching of applicable rules. The second one, called Combining Tree, is used for the evaluation of the applicable rules. Finally, we propose an exploring method for the Matching Tree based on the binary search algorithm. The experimental results show that our approach is orders of magnitude better than Sun PDP.