Set-based approach for efficient evaluation and analysis of XACML policies. (c2014)

LAUR Repository

Show simple item record

dc.contributor.author Jebbaoui, Hussein M.
dc.date.accessioned 2015-02-11T10:06:56Z
dc.date.available 2015-02-11T10:06:56Z
dc.date.issued 2016-04-27
dc.date.submitted 2014-05-05
dc.identifier.uri http://hdl.handle.net/10725/1934
dc.description Includes bibliographical references (leaves 111-114). en_US
dc.description.abstract Policy-based computing is taking an increasing role in governing the systematic interaction among distributed cloud and Web services. XACML has been known as the de facto standard widely used by many vendors for specifying access control policies. Accordingly, the size and complexity of XACML policies are significantly growing to cope with the evolution of webbased applications. This growth raised many concerns related to the efficiency of real-time decision process (i.e. policy evaluation) and the correctness of complex policies. This thesis is addressing both concerns through the elaboration of SBA-XACML, a novel set-based scheme that provides efficient evaluation and analysis of XACML policies. To the best of our knowledge, we are the first addressing both problems simultaneously. Our approach constitutes of elaborating (1) set-based language that covers all the XACML components and establish an intermediate layer to which policies are automatically converted, (2) policy evaluation module that provides better performance compared to the industrial standard Sun Policy Decision Point (PDP) and its corresponding ameliorations, and (3) policy analysis module that allows to detect flaws, conflicts and redundancies in XACML policies. Formal and practical experiments have been conducted on real-life and synthetic XACML policies in order to demonstrate the efficiency, relevance and scalability of our proposition. The experimental results explore that SBA-XACML evaluation of large and small sizes policies offers better performance than the current approaches, by a factor ranging between 2.4 and 15 times faster depending on policy size. Moreover, they show how SBA-XACML analysis module allows detecting access flaws, conflict and redundancy at policy and rule levels. en_US
dc.language.iso en en_US
dc.subject XML (Document markup language) en_US
dc.subject Web services -- Security measures en_US
dc.subject Cloud computing -- Security measures en_US
dc.subject Computer systems -- Access control en_US
dc.subject Dissertations, Academic en_US
dc.subject Lebanese American University -- Dissertations en_US
dc.title Set-based approach for efficient evaluation and analysis of XACML policies. (c2014) en_US
dc.type Thesis en_US
dc.term.submitted Spring en_US
dc.author.degree MS in Computer Science en_US
dc.author.school Arts and Sciences en_US
dc.author.idnumber 201003548 en_US
dc.author.commembers Dr. Samer Habre
dc.author.commembers Dr. Faisal Abu-Khzam
dc.author.woa OA en_US
dc.description.physdesc 1 hard copy: xii, 114 leaves; ill. (some col.); 30 cm. available at RNL. en_US
dc.author.division Computer Science en_US
dc.author.advisor Dr. Azzam Mourad
dc.keywords Web Services Security en_US
dc.keywords Set-Based Algebra en_US
dc.keywords XACML en_US
dc.keywords Policy Evaluation en_US
dc.keywords Policy Analysis en_US
dc.keywords Real-Time Decision en_US
dc.keywords Access Control en_US
dc.identifier.doi https://doi.org/10.26756/th.2014.16 en_US
dc.publisher.institution Lebanese American University en_US

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search LAUR

Advanced Search


My Account