IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v10y2022i23p4530-d989293.html
   My bibliography  Save this article

Poliseek: A Fast XACML Policy Evaluation Engine Using Dimensionality Reduction and Characterized Search

Author

Listed:
  • Fan Deng

    (Institute of Systems Security and Control, School of Computer Science and Technology, Xi’an University of Science and Technology, Xi’an 710054, China)

  • Zhenhua Yu

    (Institute of Systems Security and Control, School of Computer Science and Technology, Xi’an University of Science and Technology, Xi’an 710054, China)

  • Xinrui Zhan

    (School of Computer Science and Technology, Xidian University, Xi’an 710071, China)

  • Chongyu Wang

    (School of Computer Science and Technology, Xidian University, Xi’an 710071, China)

  • Xiaolin Zhang

    (School of Cyber Engineering, Xidian University, Xi’an 710071, China)

  • Yangyang Zhang

    (School of Computer Science and Technology, Xidian University, Xi’an 710071, China)

  • Zilu Qin

    (School of Computer Science and Technology, Xidian University, Xi’an 710071, China)

Abstract

Due to evaluation performance limits and compatibility problems with PDP (Policy Decision Point) in practical information systems, some established schemes have limits in handling massive complex requests. To address the existing challenges of fast rule match on interval values, we propose a novel policy evaluation engine, namely Poliseek with three desired modules. A preprocessing module of Poliseek is equipped with a static encoding strategy and converts the XACML rules and requests into four-dimensional numeric vectors in an attribute space. Owing to a novel optimization object of minimizing interval collisions, a dimensionality reducer and diffuser module can generate candidate values related to each rule vector in the identification space. These values and requests are handled by a fast policy evaluation module using well-constructed hash buckets and a characterized search algorithm. The experimental results show that if the number of requests reaches 10,000, Poliseek can find the target rule approximately 1090, 15, and 15 times faster than the Sun PDP, XEngine, and SBA-XACML, respectively. Poliseek also offers a fast evaluation progress of handling 10,000 complex policy rules with interval attribute values in 275.9 ms, which shows its strong robustness and practicality.

Suggested Citation

  • Fan Deng & Zhenhua Yu & Xinrui Zhan & Chongyu Wang & Xiaolin Zhang & Yangyang Zhang & Zilu Qin, 2022. "Poliseek: A Fast XACML Policy Evaluation Engine Using Dimensionality Reduction and Characterized Search," Mathematics, MDPI, vol. 10(23), pages 1-25, November.
  • Handle: RePEc:gam:jmathe:v:10:y:2022:i:23:p:4530-:d:989293
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/10/23/4530/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/10/23/4530/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Saher Manaseer & Ahmad K. Al Hwaitat, 2018. "Measuring Parallel Performance of Sorting Algorithms," Modern Applied Science, Canadian Center of Science and Education, vol. 12(10), pages 1-23, October.
    2. Fan Deng & Ping Chen & Li-Yong Zhang & Xian-Qing Wang & Sun-De Li & Hui Xu, 2014. "Policy Decomposition for Evaluation Performance Improvement of PDP," Mathematical Problems in Engineering, Hindawi, vol. 2014, pages 1-14, May.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.

      Corrections

      All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:10:y:2022:i:23:p:4530-:d:989293. See general information about how to correct material in RePEc.

      If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

      If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

      If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

      For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

      Please note that corrections may take a couple of weeks to filter through the various RePEc services.

      IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.