| 一种XACML规则冲突及冗余分析方法 |
| |
| 引用本文: | 王雅哲,冯登国.一种XACML规则冲突及冗余分析方法[J].计算机学报,2009,32(3). |
| |
| 作者姓名: | 王雅哲 冯登国 |
| |
| 作者单位: | 1. 中国科学院软件研究所信息安全国家重点实验室,北京,100190
2. 信息安全共性技术国家工程研究中心,北京,100190 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划),国家科技支撑计划,国家自然科学基金 |
| |
| 摘 要: | 基于属性的声明式策略语言XACML表达能力丰富,满足开放式环境下资源访问管理的复杂安全需求,但其自身缺乏对规则冲突检测、规则冗余分析的支持.文中利用规则状态思想描述分析了属性层次操作关联带来的多种冲突类型,在资源语义树策略索引基础上利用状态相关性给出规则冲突榆测算法;利用状态覆盖思想分析造成规则冗余的原因,给出在不同规则评估合并算法下的冗余判定定理.仿真实验首先分析了冲突检测算法的运行效率;然后针对多种策略判定系统,验证了基于语义树的策略索引和冗余规则处理可以显著提高判定性能.
|
| 关 键 词: | 访问控制 规则状态 属性层次 规则冲突检测 规则冗余 |
A Conflict and Redundancy Analysis Method for XACML Rules |
| |
| WANG Ya-Zhe,FENG Deng-Guo.A Conflict and Redundancy Analysis Method for XACML Rules[J].Chinese Journal of Computers,2009,32(3). |
| |
| Authors: | WANG Ya-Zhe FENG Deng-Guo |
| |
| Affiliation: | State Key Laboratory of Information Security;Institute of Software;Chinese Academy of Sciences;Beijing 100190;National Engineering Research Center of Information Security;Beijing 100190 |
| |
| Abstract: | XACML is a kind of declarative policy language which has flexible expressive functions based on attributes and satisfies complex security requirements of access management in the open environment,but it lacks the capabilities of detecting conflict rules and analyzing rule redundancy.This paper proposes rule state concept and applies it to analyze several categories of rule conflict caused by attribute hierarchy.In order to detecting and locating these conflicts,resource semantic tree and state relativity ar... |
| |
| Keywords: | XACML |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
