Graduate Seminar (2009 Fall)
Title:
Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation

Said M. Marouf
Ph.D. student
Department of Software & Information Systems
University of North Carolina at Charlotte
September 4 at 3:00pm
106 Woodward
Abstract:
The adoption of XACML as the standard for specifying access control
policies for various applications, especially web services, is vastly
increasing. A policy evaluation engine can easily become a bottleneck
when enforcing large policies. In this paper we propose an adaptive
approach for XACML policy optimization. We propose a clustering
technique that categorizes policies and rules within a policy set and
policy, respectively, with respect to target subjects. Furthermore, we
propose a usage based framework that computes access request
statistics to dynamically optimize the ordering of policies within a
policy set and rules within a policy. Reordering is applied to
categorized policies and rules from our proposed clustering technique.
To evaluate the performance of our framework, we conducted extensive
experiments on XACML policies. We evaluated separately the improvement
due to categorization and to reordering techniques, in order to assess
the policy sets targeted by our techniques. The experimental results
show that our approach is orders of magnitude more efficient than the
standard Sun PDP.
Bio:
I'm a second year PhD student in the department of Software &
Information Systems here at UNC-Charlotte. I received my Bachelor's
degree in Computer Engineering from the Islamic University in Gaza.
After my graduation, I received the Fulbright scholarship to study my
Master's degree in Software Engineering at the University of Wisconsin-
La Crosse. My research focus then was on the security vulnerabilities
within the Java programming language.
My current research is in the area of Access Control, including the
performance optimization of XACML PDP Engines. I've also worked on
implementing dynamic & adaptable XACML PDP engines. My newest research
focus is on building an access control policy recommendation system.