XACBench: a XACML policy benchmark

XACML standard defines a declarative language to determine access control policies which are critical for deploying security solutions. It is important to evaluate the performance of policies defined by XACML, for applications such as policy enforcement efficiency, policy refinement, anomaly detecti...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Soft computing (Berlin, Germany) Germany), 2020-11, Vol.24 (21), p.16081-16096
Hauptverfasser: Ahmadi, Shayan, Nassiri, Mohammad, Rezvani, Mohsen
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:XACML standard defines a declarative language to determine access control policies which are critical for deploying security solutions. It is important to evaluate the performance of policies defined by XACML, for applications such as policy enforcement efficiency, policy refinement, anomaly detection, conflict resolution, and policy similarity assessment. Due to security and confidentiality reasons, at hands policy sets for such evaluations are very rare. Moreover, these policy sets are created gradually, thus access to large and effective policy sets in a short time is challenging and daunting task. In this paper, we present XACBench, a suite of tools for both generating synthetic XACML policies and benchmarking the policy evaluation algorithms. To this end, XACBench first extracts, models and generalizes some statistical properties of an input policy which is called policy profile. Such profile helps generating policies in a way that accurately simulates the statistic properties of the input policy. XACBench then generates synthetic policies of any desired length based on the profile. It also provides a simple mechanism for controlling the correlation between the generated policies and the input policy with respect to the extracted policy profile. Experimental results demonstrate that our approach is efficient and scalable to various policy lengths as well as input policies.
ISSN:1432-7643
1433-7479
DOI:10.1007/s00500-020-04925-5