Development of a new policy evaluation procedure for XACML


About Development of a new policy evaluation procedure for XACML


eXtensible Access Control Markup Language (XACML) has become the de facto standard for specifying access control policies on various platforms, including the Web. XACML provides not only a language for specifying policies but also an architecture for enforcing them. In this thesis, we will develop an efficient policy evaluation procedure to be applied by the policy decision point (PDP) component of the architecture. The state of the art in this area is represented by XEngine [1], which employs decision diagrams to produce access decisions. The problem with this approach is that it is memory hungry and may not scale in scenarios where memory is limited. The thesis will start with an analysis of decision diagrams that identifies their strengths and weaknesses. For instance, by the end we should be able to answer the question: for which kinds of problems are canonical representations, such as decision diagrams, a good fit?
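To make the time/memory trade-off of diagram-based evaluation concrete, here is an added example that is not part of the thesis description and is not XEngine's algorithm: it compiles a first-applicable rule list into a simplified reduced ordered decision diagram and evaluates requests both ways. The attributes, domains and rules are constructed for illustration, and all function names are hypothetical.

```python
# Constructed policy: first-applicable rule list; an absent attribute matches any value.
ATTRS = ("role", "resource", "action")
DOMAINS = {"role": ("admin", "doctor", "nurse"),
           "resource": ("record", "schedule"),
           "action": ("read", "write")}
RULES = [({"role": "admin"}, "Permit"),
         ({"role": "doctor", "resource": "record"}, "Permit"),
         ({"role": "nurse", "resource": "record", "action": "read"}, "Permit"),
         ({"resource": "schedule", "action": "read"}, "Permit"),
         ({}, "Deny")]

def linear_eval(request, rules=RULES):
    """Baseline PDP: scan the rules in order, return the first applicable effect."""
    for cond, effect in rules:
        if all(request[a] == v for a, v in cond.items()):
            return effect
    return "NotApplicable"

def build_diagram(rules=RULES):
    """Compile the rules into a reduced ordered multi-valued decision diagram.
    Returns (root, shared_nodes, expanded_nodes)."""
    unique = {}      # hash-consing table: structurally equal nodes are stored once
    expanded = [0]   # internal nodes visited before sharing/reduction
    def node(level, live):
        if level == len(ATTRS):              # leaf: first surviving rule decides
            return live[0][1] if live else "NotApplicable"
        expanded[0] += 1
        attr = ATTRS[level]
        children = tuple(
            (v, node(level + 1, [r for r in live if r[0].get(attr, v) == v]))
            for v in DOMAINS[attr])
        targets = {child for _, child in children}
        if len(targets) == 1:                # test is redundant: skip this node
            return targets.pop()
        key = (attr, children)
        return unique.setdefault(key, key)
    root = node(0, list(rules))
    return root, len(unique), expanded[0]

def diagram_eval(root, request):
    """Follow one path: cost depends on the number of attributes, not rules."""
    while isinstance(root, tuple):
        attr, children = root
        root = dict(children)[request[attr]]
    return root

if __name__ == "__main__":
    root, shared, expanded = build_diagram()
    print("shared nodes:", shared, "expanded nodes:", expanded)
    print(diagram_eval(root, {"role": "nurse", "resource": "record", "action": "write"}))
```

In this simplified construction the compile step walks the product of the attribute domains before sharing collapses it, which is where the memory pressure comes from as attributes and values grow.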

References:

[1] Alex X. Liu, Fei Chen, JeeHyun Hwang, Tao Xie, "Designing Fast and Scalable XACML Policy Evaluation Engines". IEEE Trans. Computers 60(12): 1802-1817 (2011)

[2] Santiago Pina Ros, Mario Lischka, Felix Gomez Marmol, "Graph-based XACML evaluation". SACMAT 2012: 83-92