ANNPDP: An Efficient and Stable Evaluation Engine for Large-Scale Policy Sets

Abstract

As interactions between individuals and services increase, requests are more frequent and policy sets are larger. The evaluation performance of PDP (Policy Decision Point) plays a key role in the operation of a system. In order to solve bottlenecks of improving the PDP evaluation performance for large-scale policy sets, we propose an evaluation engine based on artificial neural networks, namely ANNPDP. We transform rules in a large-scale policy set described in the XACML (eXtensible Access Control Markup Language) into numerical rules. Evaluation networks are established and trained by the numerical rules. In order to ensure the accuracy, a misjudgment set is constructed for error corrections and stored by hash indexes. By simulating the arrival of requests, ANNPDP is compared with the Sun PDP, HPEngine, XEngine, and SBA-XACML. The experiment results show that ANNPDP has: 1) high performance: if the number of requests reaches 10,000, the evaluation time of ANNPDP on the large-scale policy set with 100,000 rules is approximately 0.46, 0.93, 0.71, and 1.43 percent of that of the Sun PDP, HPEngine, XEngine, and SBA-XACML, respectively, and 2) stability: as the size of the large-scale policy set and the number of requests increase, the evaluation time of ANNPDP grows linearly. ANNPDP can satisfy the requirements of an authorization system with large-scale policy sets.