Multi-data-types Interval Decision Diagrams
for XACML Evaluation Engine
Canh Ngo, Marc X. Makkes,
Yuri Demchenko, Cees de Laat
System and Network Engineering Group,
University of Amsterdam
PST 2013
July 12, 2013
PST 2013, Tarragona, July 12, 2013
Content
• Overview
• Related work
• Motivation
• XACML Analysis
• Proposed mechanisms: Multi-data-types Interval Decision Diagrams
• XACML Evaluation Engine
• Evaluation & Experiments
• Conclusion
XACML Policy Language
• XACML - eXtensible Access Control Markup Language
– Attribute based Access Control model (ABAC)
– History:
• 2003 – XACML 1.0
• 2005 – XACML 2.0
• 2013 – XACML 3.0
Overview
XACML: Policy Language Model v3.0
XACML Overview
(UML class diagram; element names recovered from the figure)
• PolicySet contains Policies (and nested PolicySets); each PolicySet has one Target and one Policy Combining Algorithm
• Policy contains Rules; each Policy has one Target and one Rule Combining Algorithm
• Target contains AnyOf elements, each AnyOf contains AllOf elements
• Rule has a Target, an optional Condition and an Effect
• PolicySet, Policy and Rule may carry Obligation Expressions and Advice Expressions
XACML: Architecture
XACML Overview
Components: Access Requester, PEP, Obligation service, Context handler, PDP, PAP, PIP, and the attribute sources Subjects, Resource and Environment.
Data flow (numbering as in the figure):
1. PAP writes policies to the PDP
2. Access requester sends a request to the PEP
3. PEP forwards the request to the context handler
4. Context handler sends the request to the PDP
5. PDP queries the context handler for attributes
6. Context handler queries the PIP for attributes
7a. PIP obtains subject attributes; 7b. environment attributes; 7c. resource attributes
8. PIP returns the attributes to the context handler
9. Context handler obtains the resource content
10. Context handler returns the attributes to the PDP
11. PDP returns the response to the context handler
12. Context handler returns the response to the PEP
13. PEP passes the obligations to the obligation service
Motivation
• XACML policy analysis and evaluation
  – High-performance evaluation
  – Correct handling of Indeterminate states [*]
  – Complex XACML logic expressions
  – Support for XACML policy analysis and verification
[*] XACML 3.0 has multiple Indeterminate states: Indeterminate, Indeterminate{D}, Indeterminate{P}, Indeterminate{DP}
Related work
• Current implementations:
  – Mechanisms: brute-force search, caching of decisions
  – SunXACML [1]: XACML 2.0 standard implementation: 100-200 req/s
  – Enterprise-XACML [2]: XACML 2.0, caching optimizations
• Policy verification and management
  – XACML verification with binary decision diagrams [3]
  – Redundancy detection and policy optimization using description logic [4]
  – Policy integration algebra with binary decision diagrams [5]
1. http://sunxacml.sourceforge.net/
2. http://code.google.com/p/enterprise-java-xacml/
3. K. Fisler et al. Verification and change-impact analysis of access-control policies. (ICSE '05)
4. V. Kolovski et al. Analyzing web access control policies. (WWW '07)
5. P. Rao et al. "An algebra for fine-grained integration of XACML policies" (SACMAT '09)
XACML policy evaluation
• Marouf et al. [6]:
  – Uses statistics to cluster the most frequently evaluated rules/policies at the top levels
• Liu et al. [7]: XEngine
  – Mechanism: a firewall decision diagram transforms XACML policies into flat policies; predefined attribute values are numericalized
  – Pros: very high performance
  – Cons: supports only the "=" operator and a fixed number of attribute values; incorrect processing of Indeterminate states
Related work
6. S. Marouf et al., "Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation," 2009
7. A. Liu et al., "Designing Fast and Scalable XACML Policy Evaluation Engines," IEEE Transactions on Computers, 2011
XACML policy evaluation
• Ros et al. [8]: Graph-based XACML evaluation
  – Mechanism: improves on [6] with more comparison operators
  – Cons: supports only a subset of XACML policies
    • Ignores the XACML Indeterminate states (*)
    • "MustBePresent" property: missing attributes in requests are not handled
    • Data interval processing: only simple forms of Target logic expressions are handled
Related work
8. S. Ros et al. Graph-based XACML evaluation. (SACMAT '12).
(*) XACML 3.0 has multiple decision values: Permit (P), Deny (D), NotApplicable (NA) and the Indeterminate states (INDP, IND, INP)

Example (figure): policy P0 with CombiningAlgo="Deny-overrides" and target (resId="data") ∧ (action="r"), containing
  R1: Deny, target (role="manager") ∧ (resId="data") ∧ (action="w")
  R2: Permit, target (role="guests")
  R3: Permit (no target shown)
Request R(<role missing>, data, r):
  PDP that ignores Indeterminate states: DO(NA, P, NA) = P
  PDP* with XACML 3.0 semantics: DO(IND, P, INP) = INDP
Attribute logic expressions
XACML Analysis
• Request: $X = \{x_1, x_2, \dots, x_n\}$
• Match expression: $m_k := (x, f, v)$ (attribute $x$, matching function $f$, literal value $v$)
• Target expression
  – AllOf expression: $\bigwedge_k m_k$
  – AnyOf expression: $\bigvee_j \bigwedge_k m_{kj}$
  – Target: $T(X) = \bigwedge_i \bigvee_j \bigwedge_k m_{kji}$
• Matching rule logic condition path: a request reaches rule $r$ nested under $P_0, \dots, P_k$ iff
  $\bigwedge_{i \in \{P_0, \dots, P_k, r\}} T_i(X) \to \text{true}$
• A sample policy tree (figure): policy set PS0 containing policy sets (PS, PS1) and policies (P, P2); each policy contains rules (R)
XACML Combining Algorithms
• Specifications: XACML 2.0, 3.0
• DFA representation:
– States: Q= {P, D, INP, IND, INDP, NA}
– Input symbols: Q
– Start state: NA
– Accept states: Q
– Transition function: 𝛿: 𝑄 × 𝑄 → 𝑄
XACML Analysis
Combining algorithms(*)
Permit-overrides
Deny-overrides
First-applicable
Only-one-applicable
Permit-unless-deny
Deny-unless-permit
(*) XACML 3.0 specs
Permit-overrides transition function δ(state, input) (row: current state, column: input decision):
        P    INDP   INP    D      IND    NA
P       P    P      P      P      P      P
INDP    P    INDP   INDP   INDP   INDP   INDP
INP     P    INDP   INP    INDP   INDP   INP
D       P    INDP   INDP   D      D      D
IND     P    INDP   INDP   D      IND    IND
NA      P    INDP   INP    D      IND    NA
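The combining-algorithm DFA above, together with the deny-overrides example on the related-work slide (request with a missing role attribute: DO(NA, P, NA) = P versus DO(IND, P, INP) = INDP), as an added worked example in Python. This is editor-written code, not the SNE-XACML implementation. The permit-overrides table is the one on the slide; deny-overrides is derived from it by exchanging Permit with Deny and Indeterminate{P} with Indeterminate{D}, which is how the XACML 3.0 specification defines it. The rules of policy P0 are constructed here with their targets reduced to the role match that drives the example (R3 is assumed to have no target), and the policy's own target is assumed to match the request.

```python
# XACML 3.0 decision values: the six states of the combining-algorithm DFA.
P, D, NA = "Permit", "Deny", "NotApplicable"
INP, IND, INDP = "Indeterminate{P}", "Indeterminate{D}", "Indeterminate{DP}"
DECISIONS = (P, INDP, INP, D, IND, NA)

# Permit-overrides transition function delta(state, input) -> state, as tabulated on the slide.
PERMIT_OVERRIDES = {
    P:    {P: P, INDP: P,    INP: P,    D: P,    IND: P,    NA: P},
    INDP: {P: P, INDP: INDP, INP: INDP, D: INDP, IND: INDP, NA: INDP},
    INP:  {P: P, INDP: INDP, INP: INP,  D: INDP, IND: INDP, NA: INP},
    D:    {P: P, INDP: INDP, INP: INDP, D: D,    IND: D,    NA: D},
    IND:  {P: P, INDP: INDP, INP: INDP, D: D,    IND: IND,  NA: IND},
    NA:   {P: P, INDP: INDP, INP: INP,  D: D,    IND: IND,  NA: NA},
}


def _mirror(x):
    """Swap Permit with Deny (and Indeterminate{P} with Indeterminate{D})."""
    return {P: D, D: P, INP: IND, IND: INP}.get(x, x)


# Deny-overrides is permit-overrides with the roles of Permit and Deny exchanged.
DENY_OVERRIDES = {_mirror(s): {_mirror(i): _mirror(o) for i, o in row.items()}
                  for s, row in PERMIT_OVERRIDES.items()}


def combine(table, decisions):
    """Run the DFA: start in NotApplicable and consume one rule decision per step."""
    state = NA
    for d in decisions:
        state = table[state][d]
    return state


def evaluate_rule(effect, target, request, honour_must_be_present=True):
    """Evaluate a rule whose target is one AllOf of equality matches (attr -> value).
    A definite non-match wins over a missing attribute (XACML 3.0 AllOf semantics);
    a missing MustBePresent attribute yields Indeterminate{effect}."""
    missing = False
    for attr, value in target.items():
        if attr not in request:
            missing = True
        elif request[attr] != value:
            return NA
    if missing:
        if honour_must_be_present:
            return INP if effect == P else IND
        return NA   # the shortcut the slide criticises: a missing attribute silently becomes NA
    return effect


# Policy P0 from the slide (deny-overrides); constructed rules, targets reduced to the role match.
RULES = [(D, {"role": "manager"}),   # R1
         (P, {"role": "guests"}),    # R2
         (P, {})]                    # R3: assumed to have no target


def decide(request, honour_must_be_present=True, table=DENY_OVERRIDES):
    """Rule decisions of P0 folded through the combining-algorithm DFA."""
    return combine(table, [evaluate_rule(e, t, request, honour_must_be_present)
                           for e, t in RULES])
```

`decide({"resId": "data", "action": "r"})` returns Indeterminate{DP}; with `honour_must_be_present=False` it returns Permit, the wrong answer the slide attributes to engines that ignore Indeterminate states. The PERMIT_OVERRIDES table is symmetric, so folding the decisions in any order gives the same state, which is what the set-based definition in the specification requires.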
Multi-data-type Interval Decision diagrams
Proposed mechanism
• A decision diagram $G(V, E)$ represents a function
  $f(x_1, x_2, \dots, x_n) : D_1 \times D_2 \times \dots \times D_n \to \{\text{true}, \text{false}\}$
• Partial function decomposition over an interval partition $\mathcal{P}(D_i)$ of the domain of $x_i$:
  $f(X) = \bigvee_{P \in \mathcal{P}(D_i)} \big( h^{P}_{x_i} \wedge f^{P}_{x_i} \big)$, where $f^{P}_{x_i}$ is $f$ restricted to $x_i \in P$ and
  $h^{P}_{x_i} = \begin{cases} \text{true} & \text{if } x_i \in P \\ \text{false} & \text{if } x_i \notin P \end{cases}$
• Concepts
  – Interval: $I \subseteq D_i$
  – Interval partition: $\mathcal{P} = \{ I \mid I \subseteq D_i : \forall I_i, I_j \in \mathcal{P},\ i \neq j \Rightarrow I_i \cap I_j = \emptyset \}$
Multi-data-type decision diagrams (MIDD): an example (figure)
  Variables $x_1, x_2, x_3$ in this order; the $x_1$ node branches on the partition $\{P_{11}, P_{12}, P_{13}\}$, the $x_2$ nodes on $\{P_{21}, \dots, P_{27}\}$ and the $x_3$ nodes on $\{P_{31}, \dots, P_{35}\}$; every path on which $f$ holds ends in the leaf True.
Generic Interval Partition Processing
• Concept
  – Reduced interval partition: $\mathcal{P}' = |\mathcal{P}|$
• Operators on reduced interval partitions
  – Union: $\forall v \in P_1 \cup P_2 \Rightarrow v \in P$
  – Intersect: $\forall v \in P_1 \cap P_2 \Rightarrow v \in P$
  – Complement: $\forall v \in P_1 \setminus P_2 \Rightarrow v \in P$
• Operators on MIDDs for logical functions $f_1, f_2$
  – Conjunctive join: $M_f = M_{f_1} \wedge M_{f_2}$
  – Disjunctive join: $M_f = M_{f_1} \vee M_{f_2}$
Proposed mechanism
Methods: Construct X-MIDDs
XACML Evaluation
• Pipeline: XACML rule R → (MIDD parsing) → MIDD_R → (X-MIDD transformation) → X-MIDD_R
• MIDD parsing
  – Extract, aggregate and reduce the interval-partition (IP) list from the AllOf expressions
  – Create a MIDD path for each AllOf expression
  – Compose MIDDs: conjunctive and disjunctive joins
• X-MIDD transformation
  – Leaf node: condition, effect, obligations/advices
  – Internal nodes: decision states, derived from the attribute's MustBePresent flag and the rule effect:

    Decision state   MustBePresent   Rule effect
    NA               False           _
    INP              True            Permit
    IND              True            Deny
Methods: Construct X-MIDDs (2)
XACML Evaluation
Policy P0: CombiningAlgo="Permit-overrides", target ('1080AB' ≤ pcode) ∧ (pcode ≤ '1098XH')

Rule R1: Permit, obligation O1, target (three AllOf expressions):
  ('1080AB' ≤ pcode ≤ '1085BL') ∧ (6 ≤ time ≤ 9) ∧ (1 ≤ price ≤ 2)
  ∨ ('1095CJ' ≤ pcode ≤ '1098XH') ∧ (1 ≤ price ≤ 2)
  ∨ ('1080AB' ≤ pcode ≤ '1085BL') ∧ (12 ≤ time ≤ 17) ∧ (3 ≤ price ≤ 4)

Rule R2: Deny, obligation O2, target (three AllOf expressions):
  (pcode = '1098XH') ∧ (time = 12)
  ∨ ('1085BL' ≤ pcode ≤ '1095CJ') ∧ (time = 9)
  ∨ (pcode = '1080AB') ∧ (time = 17)

Rule R1: MIDDs (one path per AllOf expression; times written as on the figure)
  P-code [1080AB,1085BL] → time [12pm,5pm] → Price [3,4] → True
  P-code [1095CJ,1098XH] → Price [1,2] → True
  P-code [1080AB,1085BL] → time [6am,9am] → Price [1,2] → True
Methods: Construct X-MIDDs (3)
XACML Evaluation
Rule R1: MIDDs (before joining)
  P-code [1080AB,1085BL] → time [12pm,5pm] → Price [3,4] → True
  P-code [1095CJ,1098XH] → Price [1,2] → True
  P-code [1080AB,1085BL] → time [6am,9am] → Price [1,2] → True
Rule R1: Combined MIDD after the disjunctive/conjunctive joins (paths sharing the P-code interval are merged)
  P-code [1080AB,1085BL] → time [6am,9am]  → Price [1,2] → True
                           time [12pm,5pm] → Price [3,4] → True
  P-code [1095CJ,1098XH] → Price [1,2] → True
Methods: Construct X-MIDDs (4)
XACML Evaluation
Transform: Rule R1 combined MIDD → X-MIDD_R1 (each internal node is annotated with the decision returned when its attribute is missing from the request; leaves carry effect and obligation)
  P-code (INP)
    [1080AB,1085BL] → time (NA)
        [6am,9am]  → Price (NA) [1,2] → P, (O1)
        [12pm,5pm] → Price (NA) [3,4] → P, (O1)
    [1095CJ,1098XH] → Price (NA) [1,2] → P, (O1)
Methods: Construct X-MIDDs (5)
XACML Evaluation
X-MIDD_R1
  P-code (INP)
    [1080AB,1085BL] → time (NA)
        [6am,9am]  → Price (NA) [1,2] → P, (O1)
        [12pm,5pm] → Price (NA) [3,4] → P, (O1)
    [1095CJ,1098XH] → Price (NA) [1,2] → P, (O1)
X-MIDD_R2
  P-code (IND)
    [1080AB]        → time (NA) [5pm]  → D, (O2)
    [1085BL,1095CJ] → time (NA) [9am]  → D, (O2)
    [1098XH]        → time (NA) [12pm] → D, (O2)
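An added example (editor-written, not the SNE-XACML code) of the construction and evaluation procedure from the "Construct X-MIDDs" slides: each AllOf expression becomes one path over the fixed variable ordering (conjunctive join), the paths of one rule are merged into a single diagram by splitting every attribute domain into its elementary intervals (disjunctive join over the reduced partition, with adjacent pieces that lead to structurally equal subtrees coalesced), and internal nodes carry the decision state for a missing attribute from the MustBePresent table. Rules R1 and R2 are the ones from the slides, with times as integer hours and the pcode attribute assumed to be MustBePresent; the Piece/Node representation and the function names are this example's own. Evaluation does one bisect per attribute, which is the log2(2k_i+1) term of the complexity slide. Combining the two rules' decisions is the job of the combining-algorithm DFA and is not part of this block.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import Any

ORDER = ("pcode", "time", "price")   # variable ordering shared by every diagram
NA = "NotApplicable"


@dataclass(frozen=True)
class Piece:
    """Elementary interval of a reduced partition; a bound is inclusive when *_closed."""
    lo: Any
    hi: Any
    lo_closed: bool
    hi_closed: bool

    def contains(self, v):
        if v < self.lo or v > self.hi:
            return False
        return (v != self.lo or self.lo_closed) and (v != self.hi or self.hi_closed)

    def within(self, lo, hi):
        """True if the piece lies entirely inside the closed interval [lo, hi]."""
        return lo <= self.lo and self.hi <= hi


@dataclass(frozen=True)
class Node:
    attr: Any                 # attribute tested at this node; None marks a leaf
    missing: Any = NA         # decision when the attribute is absent (MustBePresent state)
    edges: tuple = ()         # ((Piece, Node), ...): disjoint pieces sorted by lower bound
    keys: tuple = ()          # (lo, lo_is_open) per edge: the bisect keys
    rest: Any = None          # child for values that fall in no edge
    leaf: Any = None          # decision at a leaf, e.g. ("Permit", "O1")


def leaf(decision):
    return Node(attr=None, leaf=decision)


def elementary_pieces(intervals):
    """Reduced partition of one domain: every endpoint becomes a point piece and every
    gap between consecutive endpoints an open piece (at most 2k+1 pieces for k values)."""
    points = sorted({b for iv in intervals for b in iv})
    pieces = []
    for i, p in enumerate(points):
        pieces.append(Piece(p, p, True, True))
        if i + 1 < len(points):
            pieces.append(Piece(p, points[i + 1], False, False))
    return pieces


def coalesce(edges):
    """Reduction step: merge adjacent pieces whose subtrees are structurally equal."""
    out = []
    for piece, child in edges:
        if (out and out[-1][1] == child and out[-1][0].hi == piece.lo
                and out[-1][0].hi_closed != piece.lo_closed):
            prev = out.pop()[0]
            piece = Piece(prev.lo, piece.hi, prev.lo_closed, piece.hi_closed)
        out.append((piece, child))
    return tuple(out)


def build(paths, level, decision, missing_of):
    """Disjunctive join of the AllOf paths (dicts attr -> (lo, hi)) reaching this node;
    each path is itself the conjunctive join of its matches along ORDER."""
    if level == len(ORDER):
        return leaf(decision)
    attr = ORDER[level]
    constrained = [p for p in paths if attr in p]
    free = [p for p in paths if attr not in p]
    if not constrained:                        # no path tests attr here: skip the variable
        return build(free, level + 1, decision, missing_of)
    rest = build(free, level + 1, decision, missing_of) if free else leaf(NA)
    edges = []
    for piece in elementary_pieces([p[attr] for p in constrained]):
        covering = [p for p in constrained if piece.within(*p[attr])]
        if covering:
            edges.append((piece, build(covering + free, level + 1, decision, missing_of)))
    edges = coalesce(edges)
    return Node(attr, missing_of(attr), edges,
                tuple((pc.lo, not pc.lo_closed) for pc, _ in edges), rest)


def rule_xmidd(effect, obligation, allofs, must_be_present):
    """X-MIDD of one rule: leaves carry (effect, obligation); an internal node returns
    Indeterminate{P}/Indeterminate{D} when a MustBePresent attribute is missing, else NA."""
    ind = {"Permit": "Indeterminate{P}", "Deny": "Indeterminate{D}"}[effect]
    return build(allofs, 0, (effect, obligation),
                 lambda a: ind if must_be_present.get(a, False) else NA)


def evaluate(node, request):
    """Walk the diagram with one bisect per attribute: O(sum_i (log2(2k_i + 1) + 1))."""
    while node.attr is not None:
        if node.attr not in request:
            return node.missing
        v = request[node.attr]
        i = bisect_right(node.keys, (v, False))   # last edge whose lower bound <= v
        child = node.rest
        if i and node.edges[i - 1][0].contains(v):
            child = node.edges[i - 1][1]
        node = child
    return node.leaf


# Rules R1 and R2 from the slides (constructed input; times as integer hours).
R1 = rule_xmidd("Permit", "O1", [
    {"pcode": ("1080AB", "1085BL"), "time": (6, 9), "price": (1, 2)},
    {"pcode": ("1095CJ", "1098XH"), "price": (1, 2)},
    {"pcode": ("1080AB", "1085BL"), "time": (12, 17), "price": (3, 4)},
], must_be_present={"pcode": True})
R2 = rule_xmidd("Deny", "O2", [
    {"pcode": ("1098XH", "1098XH"), "time": (12, 12)},
    {"pcode": ("1085BL", "1095CJ"), "time": (9, 9)},
    {"pcode": ("1080AB", "1080AB"), "time": (17, 17)},
], must_be_present={"pcode": True})
```

After construction `R1.edges` holds exactly the two P-code intervals of the slide's combined diagram ([1080AB,1085BL] and [1095CJ,1098XH]) and `R2.edges` the three of X-MIDD_R2, because the coalescing step merges the point and gap pieces that lead to identical subtrees. `evaluate(R1, {"time": 9, "price": 1})` returns Indeterminate{P} and `evaluate(R2, ...)` Indeterminate{D} for the same request, the INP/IND root annotations of the slides; a request with pcode but without time reaches a time node whose missing state is NA.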
Methods: Combine X-MIDDs
XACML Evaluation
Permit-Overrides(X-MIDD_R1, X-MIDD_R2) = X-MIDD_P0 (figure, reconstructed from its fragments): the P-code domain is refined to the reduced partition that separates R2's point values from R1's intervals, and at each leaf the two rules' decisions are combined with the permit-overrides DFA. A Price node marked (D, (O2)) returns D, (O2) on its complement edges, i.e. for prices in (-inf,1) ∪ (2,+inf) or (-inf,3) ∪ (4,+inf); a node marked (NA) returns NA there.
  P-code (INDP)                    (missing pcode: INP from R1 and IND from R2 combine to INDP)
    [1080AB]         → time (NA)
        [6am,9am]    → Price (NA) [1,2] → P, (O1)
        [12pm,5pm)   → Price (NA) [3,4] → P, (O1)
        [5pm]        → Price (D, (O2)) [3,4] → P, (O1)
    (1080AB,1085BL)  → time (NA)
        [6am,9am]    → Price (NA) [1,2] → P, (O1)
        [12pm,5pm]   → Price (NA) [3,4] → P, (O1)
    [1085BL]         → time (NA)
        [6am,9am)    → Price (NA) [1,2] → P, (O1)
        [9am]        → Price (D, (O2)) [1,2] → P, (O1)
        [12pm,5pm]   → Price (NA) [3,4] → P, (O1)
    (1085BL,1095CJ)  → time (NA) [9am] → D, (O2)
    [1095CJ]         → time (NA)
        [9am]                      → Price (D, (O2)) [1,2] → P, (O1)
        (-inf,9am) ∪ (9am,+inf)    → Price (NA) [1,2] → P, (O1)
    (1095CJ,1098XH)  → Price (NA) [1,2] → P, (O1)
    [1098XH]         → time (NA)
        [12pm]                     → Price (D, (O2)) [1,2] → P, (O1)
        (-inf,12pm) ∪ (12pm,+inf)  → Price (NA) [1,2] → P, (O1)
Evaluation and Experiments: complexity
XACML Evaluation
• Policies with $n$ attributes
• Attribute $a_i$ ranges over the interval partition $P_i$
• $P_i$ has $k_i$ distinct values in the policies (hence at most $2k_i + 1$ elementary intervals)
• X-MIDD complexity
  – Evaluation time (average): $O\left(\sum_{i=1}^{n} \left(\log_2(2k_i + 1) + 1\right)\right)$
  – Space (worst case): $O\left(\sum_{i=1}^{n} \prod_{j=1}^{i} (2k_j + 1)\right)$
Evaluation and Experiments: Implementation
XACML Evaluation
• Implementation
  – XACML 3.0
  – Oracle Java 1.7, Linux Mint x64, Intel i5 2.67 GHz, 4 GB RAM
  – LGPL: https://code.google.com/p/sne-xacml/
• Validation
  – Decisions compared with SunXACML
  – 1000 random requests per run
Evaluation and Experiments: performance
XACML Evaluation
Dataset           Policy level   #PolicySets   #Policies   #Rules   Attributes   Operators
GEYSERS (*)       3              6             7           33       3            =
Continue-a (**)   6              111           266         298      14           =
Synthetic-360     4              31            72          360      10           = (80%), complex (20%)

(chart) Average response time per request in microseconds, log scale from 1.0 to 100000.0, for SNE-XACML versus SunXACML on GEYSERS, Continue-a and Synthetic-360; SNE-XACML figures are averages over 1M random requests.
(*) GEYSERS project: http://www.geysers.eu/
(**) Fisler et al. ICSE '05.
Evaluation and Experiments: microbenchmark
XACML Evaluation
Share of per-request time (stacked bars, read from the chart):
                          GEYSERS   Continue-a   Synthetic-360
X-MIDD eval. time         14.2%     38.7%        44.8%
Resp. conversion time      3.4%      1.6%         2.5%
Req. conversion time      82.4%     59.7%        52.3%

                          GEYSERS   Continue-a   Synthetic-360
Pre-processing (ms)       94        480          1043
X-MIDD size (nodes)       55        3258         104,675
Throughput (req/s)        229,551   172,114      238,878
Conclusions
• Summary
  – High-performance XACML evaluation
  – Correct handling of Indeterminate states
  – Handling of the critical-attribute (MustBePresent) property
  – Complex XACML logic expressions
  – Mechanisms for policy analysis and verification
• Future work
  – Implementation: other XACML 3.0 features
  – Policy verification, redundancy detection
Group Meeting
Amsterdam, July 12, 2013
Thank you!
Q&A
Contact Information
Canh Ngo
System and Network Engineering research group (SNE)
University of Amsterdam
Email: t.c.ngo@uva.nl
SNE-XACML project (LGPL): https://code.google.com/p/sne-xacml/
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

Multi-data-types Interval Decision Diagrams for XACML Evaluation Engine

  • 7. Related work
    • Current implementations:
      – Mechanisms: brute-force search, caching decisions
      – SunXACML [1]: XACML 2.0 standard implementation: 100-200 req/s
      – Enterprise-XACML [2]: XACML 2.0, caching optimizations
    • Policy verification and management
      – XACML verification with binary decision diagrams [3].
      – Redundancy detection & policy optimization using description logic [4].
      – Policy integration algebra with binary decision diagrams [5].
    1. http://sunxacml.sourceforge.net/
    2. http://code.google.com/p/enterprise-java-xacml/
    3. K. Fisler et al. Verification and change-impact analysis of access-control policies. (ICSE '05)
    4. V. Kolovski et al. Analyzing web access control policies. (WWW '07)
    5. P. Rao et al. "An algebra for fine-grained integration of XACML policies" (SACMAT '09)
  • 8. XACML policy evaluation (Related work)
    • Marouf et al. [6]:
      – Uses statistics to cluster frequently evaluated rules/policies to the top levels
    • Liu et al. [7]: XEngine
      – Mechanism: uses firewall decision diagrams to transform XACML policies into flat policies; numericalizes predefined values.
      – Pros: very high performance
      – Cons: supports only "=" operators and a fixed number of attribute values; incorrect Indeterminate state processing
    6. S. Marouf et al., "Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation," 2009
    7. A. Liu et al., "Designing Fast and Scalable XACML Policy Evaluation Engines," IEEE Transactions on Computers, 2011
  • 9. XACML policy evaluation (Related work)
    • Ros et al. [8]: Graph-based XACML evaluation
      – Mechanism: improves on [6] with more comparison operators
      – Cons: supports only a subset of XACML policies
        • Ignores XACML Indeterminate states (*)
        • "MustBePresent" (**) property: handles missing attributes in requests
        • Data interval processing: handles only simple forms of Target logic expressions
    8. S. Ros et al. Graph-based XACML evaluation. (SACMAT '12)
    (*) XACML 3.0 has multiple decision values: Permit (P), Deny (D), NotApplicable (NA), and the Indeterminate states (INDP, IND, INP)
    Figure (policy tree of the example): PolicyId='P0', CombiningAlgo="Deny-overrides", target (resId="data") ∧ (action="r"); RuleId='R2' Permit, (role="guests"); RuleId='R1' Deny, (role="manager") ∧ (resId="data") ∧ (action="w"); RuleId='R3' Permit. For the request R(·, data, r) the PDP computes DO(NA, P, NA) = P, while PDP* computes DO(IND, P, INP) = INDP.
  • 10. Attribute logic expressions (XACML Analysis)
    • Request: X = {x1, x2, ..., xn}
    • Match expression: $m_k := (x, f, v)$
    • Target expression
      – AllOf expression: $\bigwedge_k m_k$
      – AnyOf expression: $\bigvee_j \bigwedge_k m_{kj}$
      – $T(X) = \bigwedge_i \bigvee_j \bigwedge_k m_{kji}$
    • Matching rule logic: condition path $\bigwedge_{i \in \{P_0, \ldots, P_k, r\}} T_i(X) \to true$
    Figure: a sample policy tree with policy sets PS0, PS, PS1, policies P, P2 and rules R at the leaves.
  • 11. XACML Combining Algorithms (XACML Analysis)
    • Specifications: XACML 2.0, 3.0
    • DFA representation:
      – States: Q = {P, D, INP, IND, INDP, NA}
      – Input symbols: Q
      – Start state: NA
      – Accept states: Q
      – Transition function: δ: Q × Q → Q
    • Combining algorithms (*): Permit-overrides, Deny-overrides, First-applicable, Only-one-applicable, Permit-unless-deny, Deny-unless-permit
    (*) XACML 3.0 specs
    Permit-overrides transition function (row: current state, column: next input decision):
          P     INDP  INP   D     IND   NA
    P     P     P     P     P     P     P
    INDP  P     INDP  INDP  INDP  INDP  INDP
    INP   P     INDP  INP   INDP  INDP  INP
    D     P     INDP  INDP  D     D     D
    IND   P     INDP  INDP  D     IND   IND
    NA    P     INDP  INP   D     IND   NA
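The transition table above as a runnable DFA, an added example that is not part of the slides or of the SNE-XACML code: the permit-overrides table is copied from the slide, deny-overrides is derived from it by the Permit/Deny and INP/IND symmetry of the XACML 3.0 specification, and `combine` folds a sequence of child decisions from the start state NA.

```python
"""Permit-overrides / deny-overrides combining as a DFA over XACML 3.0 decision states."""
from typing import Dict, Iterable

STATES = ("P", "INDP", "INP", "D", "IND", "NA")

# Permit-overrides transition function delta: Q x Q -> Q, copied from the slide.
# Row = current state, column = next child decision (column order = STATES).
_PO_ROWS = {
    "P":    ("P", "P",    "P",    "P",    "P",    "P"),
    "INDP": ("P", "INDP", "INDP", "INDP", "INDP", "INDP"),
    "INP":  ("P", "INDP", "INP",  "INDP", "INDP", "INP"),
    "D":    ("P", "INDP", "INDP", "D",    "D",    "D"),
    "IND":  ("P", "INDP", "INDP", "D",    "IND",  "IND"),
    "NA":   ("P", "INDP", "INP",  "D",    "IND",  "NA"),
}
PERMIT_OVERRIDES: Dict[str, Dict[str, str]] = {
    s: dict(zip(STATES, row)) for s, row in _PO_ROWS.items()
}

# Deny-overrides is the dual algorithm: swap Permit<->Deny and INP<->IND in every cell.
_DUAL = {"P": "D", "D": "P", "INP": "IND", "IND": "INP", "INDP": "INDP", "NA": "NA"}
DENY_OVERRIDES: Dict[str, Dict[str, str]] = {
    _DUAL[s]: {_DUAL[i]: _DUAL[o] for i, o in row.items()}
    for s, row in PERMIT_OVERRIDES.items()
}


def combine(delta: Dict[str, Dict[str, str]], decisions: Iterable[str]) -> str:
    """Run the DFA: start in NA, consume each child decision, return the final state."""
    state = "NA"
    for d in decisions:
        state = delta[state][d]
    return state


def order_independent(delta: Dict[str, Dict[str, str]]) -> bool:
    """Check that delta is commutative and NA is its identity, so the combined
    decision does not depend on the order in which children are evaluated."""
    return all(delta[a][b] == delta[b][a] and delta["NA"][a] == a
               for a in STATES for b in STATES)
```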
  • 12. Multi-data-type Interval Decision Diagrams (Proposed mechanism)
    • A decision diagram G(V, E) represents a function f:
      $f(x_1, x_2, \ldots, x_n) := D_1 \times D_2 \times \ldots \times D_n \to \{true, false\}$
    • Partial function decomposition on attribute $x_i$:
      $f(X) = \bigvee_{P \in \mathcal{P}(D_i)} \left( h_{x_i}(P) \wedge f^{P}_{x_i} \right)$, where
      $h_{x_i}(P) = true$ if $x_i \in P$ and $false$ if $x_i \notin P$, and $f^{P}_{x_i}$ is $f$ restricted to $x_i \in P$
    • Concepts
      – Interval: $I \subseteq D_i$
      – Interval partition: $\mathcal{P} = \{I \mid I \subseteq D_i : \forall I_i, I_j,\ i \neq j,\ I_i \cap I_j = \emptyset\}$
    Figure: Multi-data-type interval decision diagram (MIDD), an example: root node x1 with partition intervals P11, P12, P13; x2 nodes with P21 to P27; x3 nodes with P31 to P35; leaf node True.
  • 13. Generic Interval Partition Processing (Proposed mechanism)
    • Concept
      – Reduced interval partition: P' = |P|
    • Operators on reduced interval partitions (P1, P2 → P)
      – Union: v ∈ P1 ∪ P2, v ∈ P
      – Intersect: v ∈ P1 ∩ P2, v ∈ P
      – Complement: v ∈ P1 \ P2, v ∈ P
    • Operators on MIDDs of logical functions f1, f2
      – Conjunctive join: $M_f = M_{f_1} \wedge M_{f_2}$
      – Disjunctive join: $M_f = M_{f_1} \vee M_{f_2}$
  • 14. Methods: Construct X-MIDDs (XACML Evaluation)
    Pipeline: XACML rule R → MIDD parsing → MIDD_R → X-MIDD transformation → X-MIDD_R
      – Extract, aggregate & reduce the interval-partition (IP) list from AllOf expressions
      – Create a MIDD path for each AllOf expression
      – Compose MIDDs: conjunctive & disjunctive joins
      – Leaf node: condition, effect, obligations/advices
      – Internal nodes: decision states
    Decision state of an internal node when its attribute is missing from the request:
    Decision state  MustBePresent  Rule Effect
    NA              False          _
    INP             True           Permit
    IND             True           Deny
  • 15. Methods: Construct X-MIDDs (2) (XACML Evaluation)
    Example policy: PolicyId='P0', CombiningAlgo="Permit-overrides", target ('1080AB' ≤ pcode) ∧ (pcode ≤ '1098XH')
      – RuleId='R1', Permit, obligation O1:
        ('1080AB' ≤ pcode ≤ '1085BL') ∧ (12 ≤ time ≤ 17) ∧ (3 ≤ price ≤ 4)
        ∨ ('1095CJ' ≤ pcode ≤ '1098XH') ∧ (1 ≤ price ≤ 2)
        ∨ ('1080AB' ≤ pcode ≤ '1085BL') ∧ (6 ≤ time ≤ 9) ∧ (1 ≤ price ≤ 2)
      – RuleId='R2', Deny, obligation O2:
        (pcode = '1080AB') ∧ (time = 5pm)
        ∨ ('1085BL' ≤ pcode ≤ '1095CJ') ∧ (time = 9am)
        ∨ (pcode = '1098XH') ∧ (time = 12pm)
    Rule R1: MIDDs (one path per AllOf expression)
      – pcode [1080AB,1085BL] → time [12pm,5pm] → price [3,4] → True
      – pcode [1095CJ,1098XH] → price [1,2] → True
      – pcode [1080AB,1085BL] → time [6am,9am] → price [1,2] → True
  • 16. Methods: Construct X-MIDDs (3) (XACML Evaluation)
    MIDD disjunctive/conjunctive joins
    Rule R1: MIDDs (one path per AllOf expression)
      – pcode [1080AB,1085BL] → time [12pm,5pm] → price [3,4] → True
      – pcode [1095CJ,1098XH] → price [1,2] → True
      – pcode [1080AB,1085BL] → time [6am,9am] → price [1,2] → True
    Rule R1: combined MIDD (after the disjunctive join the three paths share one pcode node)
    pcode
    ├─ [1080AB,1085BL] → time
    │    ├─ [6am,9am]  → price [1,2] → True
    │    └─ [12pm,5pm] → price [3,4] → True
    └─ [1095CJ,1098XH] → price [1,2] → True
  • 17. Methods: Construct X-MIDDs (4) (XACML Evaluation)
    Rule R1: combined MIDD
    pcode
    ├─ [1080AB,1085BL] → time
    │    ├─ [6am,9am]  → price [1,2] → True
    │    └─ [12pm,5pm] → price [3,4] → True
    └─ [1095CJ,1098XH] → price [1,2] → True
    Transform → X-MIDD_R1 (internal nodes carry the decision state for a missing attribute, leaves carry effect and obligations)
    pcode (INP)
    ├─ [1080AB,1085BL] → time (NA)
    │    ├─ [6am,9am]  → price (NA) [1,2] → P, (O1)
    │    └─ [12pm,5pm] → price (NA) [3,4] → P, (O1)
    └─ [1095CJ,1098XH] → price (NA) [1,2] → P, (O1)
  • 18. Methods: Construct X-MIDDs (5) (XACML Evaluation)
    X-MIDD_R1
    pcode (INP)
    ├─ [1080AB,1085BL] → time (NA)
    │    ├─ [6am,9am]  → price (NA) [1,2] → P, (O1)
    │    └─ [12pm,5pm] → price (NA) [3,4] → P, (O1)
    └─ [1095CJ,1098XH] → price (NA) [1,2] → P, (O1)
    X-MIDD_R2
    pcode (IND)
    ├─ [1080AB]        → time (NA) [5pm]  → D, (O2)
    ├─ [1085BL,1095CJ] → time (NA) [9am]  → D, (O2)
    └─ [1098XH]        → time (NA) [12pm] → D, (O2)
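X-MIDD_R1 above as data plus the evaluation walk, an added example that is not the SNE-XACML implementation: intervals are closed and sorted so each lookup is a binary search, internal nodes carry the MustBePresent decision state returned when the attribute is absent, and times are encoded as constructed minute-of-day integers (6am = 360, 9am = 540, 12pm = 720, 5pm = 1020).

```python
"""X-MIDD evaluation: interval-labelled decision nodes with MustBePresent states."""
from bisect import bisect_right
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple, Union


@dataclass
class Leaf:
    decision: str                      # rule effect: "P" or "D"
    obligations: Tuple[str, ...] = ()


@dataclass
class Node:
    attribute: str
    missing: str                       # state when the attribute is absent: NA, INP or IND
    # Disjoint closed intervals (lo, hi, child) sorted by lo: a reduced interval partition.
    edges: List[Tuple[Any, Any, "Tree"]] = field(default_factory=list)


Tree = Union[Node, Leaf]


def evaluate(tree: Tree, request: Dict[str, Any]) -> Tuple[str, Tuple[str, ...]]:
    """Walk the diagram top-down; one binary search per attribute on the path."""
    if isinstance(tree, Leaf):
        return tree.decision, tree.obligations
    if tree.attribute not in request:
        return tree.missing, ()        # missing attribute: state derived from MustBePresent
    value = request[tree.attribute]
    lows = [lo for lo, _, _ in tree.edges]
    i = bisect_right(lows, value) - 1
    if i < 0 or value > tree.edges[i][1]:
        return "NA", ()                # value lies in no interval of the partition
    return evaluate(tree.edges[i][2], request)


def price(lo: int, hi: int) -> Node:
    """Price node of R1: one permit interval, obligation O1 at the leaf."""
    return Node("price", "NA", [(lo, hi, Leaf("P", ("O1",)))])


# Constructed X-MIDD for rule R1 (Permit, obligation O1). pcode is MustBePresent in a
# Permit rule, so its missing state is INP. Times are minute-of-day integers (constructed).
SIX_AM, NINE_AM, NOON, FIVE_PM = 360, 540, 720, 1020
X_MIDD_R1 = Node("pcode", "INP", [
    ("1080AB", "1085BL", Node("time", "NA", [
        (SIX_AM, NINE_AM, price(1, 2)),
        (NOON, FIVE_PM, price(3, 4)),
    ])),
    ("1095CJ", "1098XH", price(1, 2)),
])
```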
  • 19. Methods: Combine X-MIDDs (XACML Evaluation)
    X-MIDD_P0 = Permit-Overrides(X-MIDD_R1, X-MIDD_R2)
    Figure: the root pcode node (INDP) refines the two rules' partitions into [1080AB], (1080AB,1085BL), [1085BL], (1085BL,1095CJ), [1095CJ], (1095CJ,1098XH) and [1098XH]; each edge leads to a time (NA) node whose intervals are split at the deny rule's points [5pm], [9am] and [12pm], e.g. [6am,9am), [9am], [12pm,5pm) and [5pm]. Where both rules match (pcode [1080AB] at time [5pm], pcode [1085BL] at time [9am], pcode [1095CJ] at time [9am], pcode [1098XH] at time [12pm]) the price node carries the state D, (O2): only the permit intervals [3,4] or [1,2] lead to P, (O1), while their complements {(-inf,3) ∪ (4,+inf)} and {(-inf,1) ∪ (2,+inf)} yield D, (O2). Where only R1 matches, the price (NA) node leads to P, (O1) for [1,2] or [3,4]; where only R2 matches, e.g. pcode (1085BL,1095CJ) at time [9am], the leaf is D, (O2).
  • 20. Evaluation and Experiments: complexity (XACML Evaluation)
    • Policies with n attributes
    • $a_i \in P_i$
    • $P_i$ has $k_i$ distinct values in the policies
    • X-MIDD complexity
      – Evaluation time (avg): $O\left(\sum_{i=1}^{n} \left(\log_2(2k_i + 1) + 1\right)\right)$
      – Space (worst case): $O\left(\sum_{i=1}^{n} \prod_{j=1}^{i} (2k_j + 1)\right)$
  • 21. Evaluation and Experiments: Implementation (XACML Evaluation)
    • Implementation
      – XACML 3.0
      – Oracle Java 1.7, Linux Mint x64, i5 2.67GHz, 4GB RAM
      – LGPL: https://code.google.com/p/sne-xacml/
    • Validation
      – Compare with SunXACML
      – 1000 random requests per run
  • 22. Evaluation and Experiments: performance (XACML Evaluation)
    Datasets
    Dataset         Policy levels  #PolicySets  #Policies  #Rules  #Attributes  Operators
    GEYSERS (*)     3              6            7          33      3            =
    Continue-a (**) 6              111          266        298     14           =
    Synthetic-360   4              31           72         360     10           = (80%), complex (20%)
    Chart: average response time in microseconds (log scale, 1.0 to 100000.0) of SNE-XACML and SunXACML on GEYSERS, Continue-a and Synthetic-360.
    (*) SNE-XACML: average response time for 1M random requests
    (*) GEYSERS Prj: http://www.geysers.eu/
    (**) Fisler et al. ICSE '05.
  • 23. Evaluation and Experiments: microbenchmark (XACML Evaluation)
    Chart: share of per-request time (series in legend order)
    Series                 GEYSERS  Continue-a  Synthetic-360
    X-MIDD eval. time      14.2%    38.7%       44.8%
    Resp. conversion time  3.4%     1.6%        2.5%
    Req. conversion time   82.4%    59.7%       52.3%
    Metric                 GEYSERS  Continue-a  Synthetic-360
    Pre-processing (ms)    94       480         1043
    X-MIDD size (nodes)    55       3258        104,675
    Throughput (req/s)     229,551  172,114     238,878
  • 24. Conclusions
    • Summary
      – High performance XACML evaluation
      – Solved Indeterminate states handling
      – Critical attribute property setting
      – Complex XACML logic expressions
      – Mechanisms for policy analysis & verification
    • Future work
      – Implementation: other XACML 3.0 features
      – Policy verification, redundancy detection.
  • 25. Group Meeting Amsterdam, July 12, 2013
    Thank you! Q&A
    Contact Information
    Canh Ngo
    System and Network Engineering research group (SNE), University of Amsterdam
    Email: t.c.ngo@uva.nl
    SNE-XACML project (LGPL): https://code.google.com/p/sne-xacml/