
Bachelor Thesis: Caching and performance optimization in XACML





The eXtensible Access Control Markup Language (XACML) provides flexible, policy-based access control, allowing arbitrary rules or the implementation of more general access control schemes such as role-based access control (RBAC) or attribute-based access control (ABAC). Access control systems, however, are deployed and used in increasingly complex situations and environments. Policy-based access control systems like XACML, with their flexibility, accommodate these use cases and provide superior separation of concerns through the separation of business logic and business policy, i.e. the access decision process and the access policy. Nevertheless, the increasing complexity, through both a higher number of access policies and increased elaboration, raises scalability concerns.

This thesis explores the possibilities for caching and performance optimization in XACML, focusing primarily on XACML version 3 (XACMLv3) and its Policy Decision Point (PDP), as one more step towards remedying these concerns. It provides a survey of existing approaches to caching and performance optimization and concludes that most current approaches are concerned with the policy evaluation itself, attempting to increase performance through policy reconfiguration, translation, normalization or clustering, but not with finding applicable policies or loading and storing policies. Depending on the situation, however, different parts of the evaluation process may become the bottleneck. This thesis therefore explores the use of caching at specific points during the evaluation process, namely loading policies, finding policies and evaluation, for better performance, along with other more general improvements. Because of the highly flexible nature of XACML, special considerations are necessary for caching to be done properly, so that the system still performs reliably as an authorization system. Additionally, this thesis considers memory consumption and efficiency.


Supervisors: Dirk Thatmann, Bersant Deva

Type: Bachelor Thesis

Duration: 4 months


TU Berlin - Service-centric Networking - TEL 19
Ernst-Reuter-Platz 7
10587 Berlin, Germany
Phone: +49 30 8353 58811
Fax: +49 30 8353 58409