References of "Hwang, Jeehyun"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailSelection of Regression System Tests for Security Policy Evolution
Hwang, JeeHyun; Xie, Tao; El Kateb, Donia UL et al

Scientific Conference (2012, September)

Detailed reference viewed: 116 (2 UL)
Full Text
Peer Reviewed
See detailRefactoring access control policies for performance improvement
El Kateb, Donia UL; Mouelhi, Tejeddine UL; Le Traon, Yves UL et al

in Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering (2012, April)

Detailed reference viewed: 94 (4 UL)
Full Text
Peer Reviewed
See detailRefactoring Access Control Policies for Performance Improvement
Elkateb, Donia UL; Mouelhi, Tejeddine UL; Le Traon, Yves UL et al

in Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering (ICPE 2012) (2012)

In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. To determine whether a user can access which ... [more ▼]

In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. To determine whether a user can access which resources, a request is formulated from a component, called a Policy Enforcement Point (PEP) located in application code. Given a request, a Policy Decision Point (PDP) evaluates the request against an access control policy and returns its access decision (i.e., permit or deny) to the PEP. With the growth of sensitive information for protection in an application, an access control policy consists of a larger number of rules, which often cause a performance bottleneck. To address this issue, we propose to refactor access control policies for performance improvement by splitting a policy (handled by a single PDP) into its corresponding multiple policies with a smaller number of rules (handled by multiple PDPs). We define seven attribute-set-based splitting criteria to facilitate splitting a policy. We have conducted an evaluation on three subjects of reallife Java systems, each of which interacts with access control policies. Our evaluation results show that (1) our approach preserves the initial architectural model in terms of interaction between the business logic and its corresponding rules in a policy, and (2) our approach enables to substantially reduce request evaluation time for most splitting criteria. Copyright 2012 ACM. [less ▲]

Detailed reference viewed: 105 (0 UL)