A maturity metric based approach for eliciting SOA security requirements

Kassou, Meryem; Kjiri, Laïla

doi:10.1109/jns2.2012.6249231

Cited by 2 publications

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the service-oriented architecture (SOA) [1][2][3][4][5] environment, access control [6][7][8][9] is one significant part of security requirement [10][11][12][13][14][15]. Confronted with the requests of numerous users, all issued resources are required for access control protection by some predominant techniques, such as identity authentication [16][17][18][19][20] and dynamic authorization [21][22][23][24][25].…”

Section: Introductionmentioning

confidence: 99%

Policy Decomposition for Evaluation Performance Improvement of PDP

Fan

Chen

Zhang

et al. 2014

Mathematical Problems in Engineering

View full text Add to dashboard Cite

In conventional centralized authorization models, the evaluation performance of policy decision point (PDP) decreases obviously with the growing numbers of rules embodied in a policy. Aiming to improve the evaluation performance of PDP, a distributed policy evaluation engine called XDPEE is presented. In this engine, the unicity of PDP in the centralized authorization model is changed by increasing the number of PDPs. A policy should be decomposed into multiple subpolicies each with fewer rules by using a decomposition method, which can have the advantage of balancing the cost of subpolicies deployed to each PDP. Policy decomposition is the key problem of the evaluation performance improvement of PDPs. A greedy algorithm withO(nlgn)time complexity for policy decomposition is constructed. In experiments, the policy of the LMS, VMS, and ASMS in real applications is decomposed separately into multiple subpolicies based on the greedy algorithm. Policy decomposition guarantees that the cost of subpolicies deployed to each PDP is equal or approximately equal. Experimental results show that (1) the method of policy decomposition improves the evaluation performance of PDPs effectively and that (2) the evaluation time of PDPs reduces with the growing numbers of PDPs.

show abstract