Paper title
XACs-DyPol: Towards an XACML-based Access Control Model for Dynamic Security Policy
Paper authors
Paper abstract
Authorization and access control play an essential role in protecting sensitive information from malicious users. Such a system relies on security policies to determine whether an access request is allowed. However, of late, the growing popularity of big data has created a new challenge for security policy management: policies that are dynamic and updated at run time. Applications of dynamic policies have brought many benefits to modern domains. To the best of our knowledge, no previous study has focused on solving authorization problems in dynamic policy environments. In this article, we focus on analyzing and classifying when a policy update occurs, and provide a pragmatic solution for such dynamic policies. The contribution of this work is twofold: a novel solution for managing policy changes even after an access request has been granted, and an XACML-based implementation to empirically evaluate the proposed solution. The experimental results compare the newly introduced XACs-DyPol framework with Balana (an open-source framework supporting XACML 3.0). The datasets are XACML 3.0-based policies, including three samples of real-world policy sets. According to the comparison results, our XACs-DyPol framework performs better than Balana for all update types in dynamic security policy cases. In particular, our proposed solution outperforms Balana by an order of magnitude when the policy structure includes complex policy sets, policies, and rules, or complicated comparison expressions that contain the greater-than and less-than functions.
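The abstract's central point is that a policy update must be applied to requests that were already granted, not only to new ones. The following Python model illustrates that behaviour; it is an added example written for this page and is not code from the paper or from XACs-DyPol or Balana. It assumes a simplified rule and policy structure (conditions are attribute/function/value triples evaluated with comparison functions modelled on the XACML 3.0 integer-greater-than, integer-less-than and string-equal functions), a deny-overrides combining algorithm, a hypothetical update classification into added, removed and modified rules, and a constructed scenario in which a clearance threshold is raised while sessions are live. None of these names or the classification scheme is taken from the paper.

```python
import operator
from dataclasses import dataclass

# Comparison functions, named after the XACML 3.0 standard functions they mimic.
# (Illustrative subset; the real XACML function library is much larger.)
FUNCTIONS = {
    "integer-greater-than": operator.gt,
    "integer-less-than": operator.lt,
    "string-equal": operator.eq,
}


@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str            # "Permit" or "Deny"
    conditions: tuple      # ((attribute, function, value), ...); all must hold

    def matches(self, request):
        """True when every condition holds for the request's attributes."""
        for attr, func, value in self.conditions:
            if attr not in request or not FUNCTIONS[func](request[attr], value):
                return False
        return True


@dataclass(frozen=True)
class Policy:
    policy_id: str
    rules: tuple
    combining: str = "deny-overrides"

    def evaluate(self, request):
        """Return Permit, Deny or NotApplicable under the combining algorithm."""
        effects = [r.effect for r in self.rules if r.matches(request)]
        if not effects:
            return "NotApplicable"
        if self.combining == "deny-overrides":
            return "Deny" if "Deny" in effects else "Permit"
        return "Permit" if "Permit" in effects else "Deny"   # permit-overrides


def classify_update(old, new):
    """Hypothetical classification of an update: which rule ids were added,
    removed, or changed in content between two versions of a policy."""
    old_rules = {r.rule_id: r for r in old.rules}
    new_rules = {r.rule_id: r for r in new.rules}
    return {
        "added": sorted(set(new_rules) - set(old_rules)),
        "removed": sorted(set(old_rules) - set(new_rules)),
        "modified": sorted(i for i in set(old_rules) & set(new_rules)
                           if old_rules[i] != new_rules[i]),
    }


class PolicyDecisionPoint:
    """PDP that remembers granted sessions and re-evaluates them on update."""

    def __init__(self, policy):
        self.policy = policy
        self.granted = {}   # session id -> request attributes that were permitted

    def authorize(self, session_id, request):
        decision = self.policy.evaluate(request)
        if decision == "Permit":
            self.granted[session_id] = request
        return decision

    def update_policy(self, new_policy):
        """Install the new policy, then revoke any live session it no longer permits."""
        change = classify_update(self.policy, new_policy)
        self.policy = new_policy
        revoked = sorted(sid for sid, req in self.granted.items()
                         if new_policy.evaluate(req) != "Permit")
        for sid in revoked:
            del self.granted[sid]
        return change, revoked


def run_scenario():
    """Constructed scenario: the clearance threshold in rule r1 is raised from 2 to 4
    while two sessions are already granted; only the session that still satisfies
    the new rule survives the update."""
    v1 = Policy("records-access", (
        Rule("r1", "Permit", (("role", "string-equal", "analyst"),
                              ("clearance", "integer-greater-than", 2))),
        Rule("r2", "Deny", (("hour", "integer-less-than", 6),)),
    ))
    pdp = PolicyDecisionPoint(v1)
    first = {
        "alice": pdp.authorize("alice", {"role": "analyst", "clearance": 3, "hour": 10}),
        "bob": pdp.authorize("bob", {"role": "analyst", "clearance": 5, "hour": 10}),
        "carol": pdp.authorize("carol", {"role": "analyst", "clearance": 5, "hour": 4}),
    }
    v2 = Policy("records-access", (
        Rule("r1", "Permit", (("role", "string-equal", "analyst"),
                              ("clearance", "integer-greater-than", 4))),
        v1.rules[1],   # r2 unchanged
    ))
    change, revoked = pdp.update_policy(v2)
    return first, change, revoked, sorted(pdp.granted)


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario grants alice and bob and denies carol (the deny rule overrides her permit), then the update modifies only r1, revokes alice, and leaves bob as the sole granted session. The point the abstract makes shows up in `update_policy`: a PDP that forgets requests once it has answered them cannot do this re-evaluation at all, so the granted set has to be retained alongside the policy.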