In recent years, XACML (eXtensible Access Control Markup Language) has been widely used in the development of various applications, especially Web services. The evaluation time of a PDP (Policy Decision Point) grows significantly when the PDP loads a large-scale policy set coded in XACML. In order to improve the PDP evaluation performance, we propose an optimized policy evaluation engine, namely XDLEngine, and make the following contributions. First, XDLEngine has an advantage in the process of handling a large-scale policy set, and innovatively adopts the LDA (Latent Dirichlet Allocation) topic model to cluster policies. Second, according to the clustering results of the LDA model, we digitize and vectorize all rules in policy sets, which facilitates the rule matching. Third, the cosine similarity is introduced to classify the rules under each topic, which greatly reduces the number of comparisons in the process of rule matching and improves the matching efficiency of XDLEngine. Finally, due to the independence between different topics, we use a multi-threaded parallel search in the process of rule matching, which significantly lowers the evaluation time of XDLEngine. The experimental results show that when the number of requests reaches 20,000, the evaluation time of XDLEngine for a practical large-scale policy set with 120,000 rules is approximately 2.48%, 3.47% and 3.68% of that of the Sun PDP, XEngine and HPEngine, respectively.

近年来，XACML（可扩展访问控制标记语言）已广泛用于开发各种应用程序，尤其是Web服务。当PDP加载以XACML编码的大规模策略集时，PDP（策略决策点）的评估时间会大大增加。为了提高PDP评估性能，我们提出了一种优化的策略评估引擎XDLEngine，并做出了以下贡献。首先，XDLEngine在处理大规模策略集的过程中具有优势，并且创新地采用LDA（潜在狄利克雷分配）主题模型对策略进行集群。其次，根据LDA模型的聚类结果，我们对策略集中的所有规则进行了数字化和矢量化处理，从而促进了规则匹配。第三，通过引入余弦相似度对每个主题下的规则进行分类，大大减少了规则匹配过程中的比较次数，提高了XDLEngine的匹配效率。最后，由于不同主题之间的独立性，我们在规则匹配过程中使用了多线程并行搜索，这大大减少了XDLEngine的评估时间。实验结果表明，当请求数量达到20,000时，对于具有120,000条规则的实际大型策略集，XDLEngine的评估时间约为Sun PDP，XEngine和HPEngine的评估时间的2.​​48％，3.47％和3.68％，分别。由于不同主题之间的独立性，我们在规则匹配过程中使用了多线程并行搜索，这大大减少了XDLEngine的评估时间。实验结果表明，当请求数量达到20,000时，对于具有120,000条规则的实际大型策略集，XDLEngine的评估时间约为Sun PDP，XEngine和HPEngine的评估时间的2.​​48％，3.47％和3.68％，分别。由于不同主题之间的独立性，我们在规则匹配过程中使用了多线程并行搜索，这大大减少了XDLEngine的评估时间。实验结果表明，当请求数量达到20,000时，对于具有120,000条规则的实际大型策略集，XDLEngine的评估时间约为Sun PDP，XEngine和HPEngine的评估时间的2.​​48％，3.47％和3.68％，分别。