Establishment of rule dictionary for efficient XACML policy management

摘要

In order to improve the evaluation efficiency of the XACML policy, the storage principle of the rule dictionary is analyzed and the XACML policy evaluation engine XDPMOE is proposed. This is a new XACML policy management optimization scheme based on bitmap storage and HashMap. First of all, we acquire numeralization policy set, establish the rule dictionary based on the array sequential storage structure, and use the rule dictionary to quickly index the policy rules to improve the efficiency of the policy evaluation. Secondly, bitmaps are used to store policy set, which reduces the space complexity of the engine. By simulating the arrival of the access request, the experimental results show that (1) By reordering the policy set, the time spent by the policy set in storing the bitmap is greatly reduced, and that (2) The average evaluation efficiency of XDPMOE has significantly improved compared to the Sun PDP, HPEngine and XEngine. The hash matching algorithm based on bitmap storage not only takes up less storage space, but also can improve the matching efficiency to a great extent.