Heterogeneity policy evaluation with modality conflict analysis

Policy evaluation is a process to determine whether a request satisfies the access control policies. There are two main phases in the policy evaluation, namely: (i) matching the attribute values of a request and a policy, and (ii) detecting modality conflict. Existing policy evaluation engines ut...

全面介紹

Saved in:
書目詳細資料
主要作者: Teo, Poh Kuang
格式: Thesis
語言:English
出版: 2017
主題:
在線閱讀:http://psasir.upm.edu.my/id/eprint/83245/1/FSKTM%202017%2069%20-%20ir.pdf
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
實物特徵
總結:Policy evaluation is a process to determine whether a request satisfies the access control policies. There are two main phases in the policy evaluation, namely: (i) matching the attribute values of a request and a policy, and (ii) detecting modality conflict. Existing policy evaluation engines utilized a simple string equal matching function, but they do not explore naming heterogeneity. The authorizations could be propagated according to the inheritance relationships between concepts along not only subject, resource, action, but also location hierarchies. This thesis aimed to propose matching functions which are not limited to string equal matching function that aim to resolve naming heterogeneity, namely: synonym equal, hyponym, syntactical-synonym equal, syntactical-hyponym, syntactical equal, hyponym common word, and abbreviation equal. An authorization propagation rule is proposed to identify the applicable policies, which relies on inheritance relationships between concepts, on the basis of the partially ordered structures obtained by classifying subject, resource, action, and condition attributes. Our solution assists the policy administrators in filtering out the irrelevant policies which helps them to resolve the modality conflict among the applicable policies before the actual policy evaluation taken place. We have evaluated the effectiveness of our proposed solution on real XACML policies for university, conference management, and health-care domain. Our solution resulted lower percentage of R but higher percentage of P and F for all sets of policies when more attributes are considered in retrieving the applicable policies and in detecting the modality conflict compared when these constraints are not considered. Our solution achieved the higher percentage of P, R and F in matching the attribute values of a request and a policy, in retrieving the applicable policies, and in detecting modality conflict as compared to the previous work. The accuracy of the proposed solution indicates that our proposed solution is better than the Sun's XACML implementation in policy evaluation.