Citation
Teo, Poh Kuang (2017) Heterogeneity policy evaluation with modality conflict analysis. Doctoral thesis, Universiti Putra Malaysia.
Abstract
Policy evaluation is a process to determine whether a request satisfies the
access control policies. There are two main phases in the policy evaluation,
namely: (i) matching the attribute values of a request and a policy, and (ii)
detecting modality conflict. Existing policy evaluation engines use a simple
string equal matching function, but they do not explore naming heterogeneity.
Authorizations can be propagated according to the inheritance
relationships between concepts along not only subject, resource, and action
hierarchies, but also location hierarchies. This thesis proposes matching functions
that are not limited to string equal matching and that aim to resolve
naming heterogeneity, namely: synonym equal, hyponym, syntactical-synonym
equal, syntactical-hyponym, syntactical equal, hyponym common word, and
abbreviation equal. An authorization propagation rule is proposed to identify the
applicable policies, which relies on inheritance relationships between concepts,
on the basis of the partially ordered structures obtained by classifying subject,
resource, action, and condition attributes. Our solution assists policy
administrators in filtering out irrelevant policies, which helps them to resolve
the modality conflict among the applicable policies before the actual policy
evaluation takes place. We have evaluated the effectiveness of our proposed
solution on real XACML policies for the university, conference management, and
health-care domains. Our solution resulted in a lower percentage of R but higher
percentages of P and F for all sets of policies when more attributes are
considered in retrieving the applicable policies and in detecting the modality
conflict, compared with when these constraints are not considered. Our solution
achieved higher percentages of P, R and F in matching the attribute values
of a request and a policy, in retrieving the applicable policies, and in detecting
modality conflict as compared to the previous work. The accuracy of the
proposed solution indicates that it is better than Sun's
XACML implementation in policy evaluation.