scholarly journals Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

2016 ◽  
Vol 2016 ◽  
pp. 1-18
Author(s):  
Fan Deng ◽  
Li-Yong Zhang ◽  
Bo-Yu Zhou ◽  
Jia-Wei Zhang ◽  
Hong-Yang Cao
Keyword(s):  
Policy Decision ◽  
Brick Wall ◽  
Decision Point ◽  
Evaluation Performance ◽  
Policy Rule ◽  
Évaluation Performance ◽  
Policy Decision Point ◽  
Evaluation Time ◽  
And Storage ◽  
Target Attributes

If there are lots of redundancies in the policies loaded on the policy decision point (PDP) in the authorization access control model, the system will occupy more resources in operation and consumes plenty of evaluation time and storage space. In order to detect and eliminate policy redundancies and then improve evaluation performance of the PDP, aredundancy related to combining algorithmsdetecting and eliminating engine is proposed in this paper. This engine cannot only detect and eliminate theredundancy related to combining algorithms, but also evaluate access requests. AResource Brick Wallis constructed by the engine according to the resource attribute of a policy’s target attributes. By theResource Brick Walland the policy/rule combining algorithms, three theorems for detectingredundancies related to combining algorithmsare proposed. A comparison of the evaluation performance of theredundancy related to combining algorithmsdetecting and eliminating engine with that of Sun PDP is made. Experimental results show that the evaluation performance of the PDP can be prominently improved by eliminating theredundancy related to combining algorithms.

scholarly journals Policy Decomposition for Evaluation Performance Improvement of PDP

2014 ◽  
Vol 2014 ◽  
pp. 1-14 ◽  
Author(s):  
Fan Deng ◽  
Ping Chen ◽  
Li-Yong Zhang ◽  
Xian-Qing Wang ◽  
Sun-De Li ◽  
...  
Keyword(s):  
Performance Improvement ◽  
Greedy Algorithm ◽  
Policy Decision ◽  
Decision Point ◽  
Evaluation Performance ◽  
Évaluation Performance ◽  
Policy Decision Point ◽  
Evaluation Time ◽  
The Cost ◽  
The Greedy Algorithm

In conventional centralized authorization models, the evaluation performance of policy decision point (PDP) decreases obviously with the growing numbers of rules embodied in a policy. Aiming to improve the evaluation performance of PDP, a distributed policy evaluation engine called XDPEE is presented. In this engine, the unicity of PDP in the centralized authorization model is changed by increasing the number of PDPs. A policy should be decomposed into multiple subpolicies each with fewer rules by using a decomposition method, which can have the advantage of balancing the cost of subpolicies deployed to each PDP. Policy decomposition is the key problem of the evaluation performance improvement of PDPs. A greedy algorithm withO(nlgn)time complexity for policy decomposition is constructed. In experiments, the policy of the LMS, VMS, and ASMS in real applications is decomposed separately into multiple subpolicies based on the greedy algorithm. Policy decomposition guarantees that the cost of subpolicies deployed to each PDP is equal or approximately equal. Experimental results show that (1) the method of policy decomposition improves the evaluation performance of PDPs effectively and that (2) the evaluation time of PDPs reduces with the growing numbers of PDPs.

A Graph and Clustering-Based Framework for Efficient XACML Policy Evaluation

2020 ◽  
Vol 29 (01n02) ◽  
pp. 2040001
Author(s):  
Yanfei Li ◽  
Fan Deng
Keyword(s):  
Access Control ◽  
Policy Decision ◽  
Experimental Results ◽  
The Sun ◽  
Evaluation Performance ◽  
Évaluation Performance ◽  
Aggregate Function ◽  
Access Control Policies ◽  
Policy Decision Point ◽  
Rule Set

EXtensible Access Control Markup Language (XACML) is one of the standardized languages for specifying access control policies. Policies described by the XACML are used to express the security requirement in the network and information system when we study authorization access control. With the aim to improve the Policy Decision Point (PDP) evaluation performance, we put forward a Graph and Clustering-Based Framework, employing the aggregate function. First, we partition the rule set into subsets. For the single value, we select the best partition quantity based on the aggregate function. As for the interval value, we handle with the start point and the finish point, respectively, in the same way as single value. Second, the policy set is split according to the partition of rule set. In this way, not only single values, but also interval values are taken into consideration. After that, we explore the searching tree to obtain the possibly matched rules. Finally, we construct the combining tree and output the policy decision on the basis of it. The experimental results show that our approach is orders of magnitude better than the Sun PDP. A comparison in evaluation performance between the redundancy detecting and eliminating engine and the Sun PDP, as well as XEngine and SBA-XACML, is made. Experimental results show that the evaluation performance of the PDP can be prominently improved by eliminating redundancies.

Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments

2011 ◽  
Vol 2 (2) ◽  
pp. 37-59 ◽  
Author(s):  
Michel Embe Jiague ◽  
Marc Frappier ◽  
Frédéric Gervais ◽  
Régine Laleau ◽  
Richard St-Denis
Keyword(s):  
Policy Decision ◽  
Policy Enforcement ◽  
Decision Point ◽  
Public Agencies ◽  
Web Based ◽  
Access Control Policies ◽  
Policy Decision Point ◽  
Security Rule ◽  
Private Corporations ◽  
Bpel Processes

Controlling access to the Web services of public agencies and private corporations depends primarily on specifying and deploying functional security rules to satisfy strict regulations imposed by governments, particularly in the financial and health sectors. This paper focuses on one aspect of the SELKIS and EB3SEC projects related to the security of Web-based information systems, namely, the automatic transformation of security rules into WS-BPEL (or BPEL, for short) processes. The former are instantiated from security-rule patterns written in a graphical notation, called ASTD that is close to statecharts. The latter are executed by a BPEL engine integrated into a policy decision point, which is a component of a policy enforcement manager similar to that proposed in the XACML standard.

scholarly journals Performance Evaluation of Dorsal Vein Network of Hand Imaging Using Relative Total Variation-Based Regularization for Smoothing Technique in a Miniaturized Vein Imaging System: A Pilot Study

2021 ◽  
Vol 18 (4) ◽  
pp. 1548 ◽  
Author(s):  
Kyuseok Kim ◽  
Hyun-Woo Jeong ◽  
Youngjin Lee
Keyword(s):  
Image Quality ◽  
Total Variation ◽  
Near Infrared ◽  
Imaging System ◽  
Histogram Equalization ◽  
Evaluation Performance ◽  
Visual Evaluation ◽  
Évaluation Performance ◽  
Nir Imaging ◽  
Relative Total Variation

Vein puncture is commonly used for blood sampling, and accurately locating the blood vessel is an important challenge in the field of diagnostic tests. Imaging systems based on near-infrared (NIR) light are widely used for accurate human vein puncture. In particular, segmentation of a region of interest using the obtained NIR image is an important field, and research for improving the image quality by removing noise and enhancing the image contrast is being widely conducted. In this paper, we propose an effective model in which the relative total variation (RTV) regularization algorithm and contrast-limited adaptive histogram equalization (CLAHE) are combined, whereby some major edge information can be better preserved. In our previous study, we developed a miniaturized NIR imaging system using light with a wavelength of 720–1100 nm. We evaluated the usefulness of the proposed algorithm by applying it to images acquired by the developed NIR imaging system. Compared with the conventional algorithm, when the proposed method was applied to the NIR image, the visual evaluation performance and quantitative evaluation performance were enhanced. In particular, when the proposed algorithm was applied, the coefficient of variation was improved by a factor of 15.77 compared with the basic image. The main advantages of our algorithm are the high noise reduction efficiency, which is beneficial for reducing the amount of undesirable information, and better contrast. In conclusion, the applicability and usefulness of the algorithm combining the RTV approach and CLAHE for NIR images were demonstrated, and the proposed model can achieve a high image quality.

Sign in / Sign up

Export Citation Format

Share Document