The first and foremost challenge in establishing a policy evaluation engine is a conflict-free distributed policy evaluation process that governs all information and resource exchange in a distributed environment. However, most research efforts in policy evaluation have been devoted to efficiency. While efficiency is an important issue, the effectiveness of policy evaluation may be limited if the resulting systems are not implemented correctly. To address effectiveness, we demonstrate that heterogeneity conflicts are among the issues that should be addressed in distributed policy evaluation. To the best of our knowledge, the heterogeneity issue has not been taken into account by existing policy evaluation engines. Current policy evaluation engines use only simple string-based methods during the policy evaluation process. However, each organization manages its own policy vocabulary to serve its particular authority principle concern. Thus, we cannot expect policies belonging to different organizations to be based on the same vocabulary. Therefore, the unique name assumption is not able to solve the heterogeneity issue. We propose an effective heterogeneity XACML policy evaluation engine called HXPEngine to detect and resolve heterogeneity conflicts. A comparison with existing engines is conducted, and the findings show that HXPEngine is more effective than the previous evaluation engine.