XACML policy performance evaluation using a flexible load testing framework

The performance and scalability of access control systems are growing more important as organisations deploy ever more complex communications and content management systems. Fine-grained access control is becoming more pervasive, so decisions are more frequent and policy sets are larger. We outline a flexible performance testing framework that accepts XACML PDP implementations (in the server component) and submits representative access control requests (from the client component) in a representative temporal ordering. The framework includes instrumentation and analysis modules to support performance experiments. We describe an initial realization of the framework and report on initial experiments comparing the performance of the SunXACML and Enterprise XACML PDPs.
