Optimization Method of XACML Policy Evaluation Based on Clustering and Reordering  Cited by: 3


Authors: ZHENG Kai (郑楷); TIAN Xiu-xia (田秀霞); LU Guan-yu (卢官宇); ZHANG Yu-Xiu (张玉秀) (College of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 200090, China)

Affiliation: [1] College of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 200090

Source: Computer Simulation (《计算机仿真》), 2022, No. 10, pp. 519-525 (7 pages)

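Funding: National Natural Science Foundation of China, General Program (61772327); industry-sponsored project of the Electric Power Research Institute, State Grid Gansu Electric Power Company (H2019-275); open project of the Shanghai Engineering Research Center of Big Data Management System (H2020-216).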

Abstract: To address the low efficiency of policy evaluation in XACML, the paper optimizes XACML policies in two ways: rule clustering and rule reordering. Based on the similarity between access control rules, a density-based rule clustering algorithm decomposes a large policy set into several small rule clusters. The computing center forwards each access request to the rule cluster with the highest similarity, and the rule matcher searches that cluster for the rules applicable to the request, so the request does not have to traverse the full policy set. Based on rule priority, a rule reordering algorithm places high-priority rules at the front of each cluster, and the search for applicable rules follows the "First-applicable" rule combining algorithm, which reduces the number of comparisons between access requests and rules. Experimental results show that the proposed policy optimization method effectively improves XACML policy evaluation performance, with a considerable improvement over Sun XACML and SBA-XACML.

Keywords: eXtensible Access Control Markup Language (XACML); evaluation performance; clustering; reordering

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
