A High-Performance XACML Policy Evaluation Engine Optimized by Statistical Analysis
Published: 2018-08-31 12:33

[Abstract]: The advantages of cloud storage, such as access anytime and anywhere, one-click sharing and collaboration, multi-platform synchronization, unlimited space and permanently free service, have kept the number of newly registered users growing at a double-digit rate, and the market prospects for cloud storage are very broad. However, because cloud storage services are not yet mature and their security architecture is still incomplete, sensitive data that users store in the cloud faces many risks that cannot be controlled, compared with the traditional practice of keeping sensitive data locally. In recent years cloud storage "data leak incidents" have been very frequent, security risks have hindered the large-scale adoption of cloud storage, and how to protect the confidentiality of users' sensitive data has become a problem that cloud storage urgently needs to solve. Access control is an important technology for securing the sensitive data of cloud storage users. Attribute-based access control is a new access control model proposed during the development of distributed applications to solve the access control problem in such applications, so it is inherently better suited to cloud storage. However, as the number of online users and resources in a system keeps growing, the structure of access control policies becomes more and more complex, and policy evaluation efficiency has become the key bottleneck limiting system availability. An efficient evaluation engine is urgently needed to make correct authorization decisions in time for the requests of a massive number of users. To improve the efficiency of policy evaluation engines in distributed environments, this thesis proposes a new policy evaluation engine, HPEngine. The engine uses a policy optimization mechanism based on statistical analysis to refine policies dynamically and converts the refined policies from textual form to numerical form; it also uses a multi-level cache mechanism based on statistical analysis to store frequently invoked request-result pairs, attributes and policy information. Experimental results show that the optimization mechanisms adopted by HPEngine reduce the policy size, lower the communication overhead between the evaluation engine and other modules, reduce the amount of matching computation and increase matching speed, and that its overall evaluation efficiency is better than that of other comparable systems.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP333;TP393.08

Article ID: 2214996
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2214996.html

