| 分布式环境下的访问控制 |
| |
| 引用本文: | 刘琼波,施军,尤晋元.分布式环境下的访问控制[J].计算机研究与发展,2001,38(6):735-740. |
| |
| 作者姓名: | 刘琼波 施军 尤晋元 |
| |
| 作者单位: | 上海交通大学计算机科学与工程系 |
| |
| 基金项目: | 上海市科技发展基金项目资助!(995 115 0 14 ) |
| |
| 摘 要: | 为适应分布式环境下的安全需求,提出了一种描述访问控制策略和判定访问请求的方法。采用类似于无函数的扩展逻辑程序的表示方法对安全访问策略进行描述,限定权限传播的深度,利用不同的优先次序定义了多种消解冲突的规则,并给出了类似扩展逻辑程序的回答集语义解释。结合确定性推理和可能性推理,描述了如何判定访问请求的算法。解决了3个问题:分布式授权、私有权限和冲突消解方法。
|
| 关 键 词: | 访问控制 私有权限 信息安全 冲突 分布式环境 |
ACCESS CONTROL IN DISTRIBUTED SYSTEMS |
| |
| LIU Qiong-Bo,SHI Jun,YOU Jin-Yuan.ACCESS CONTROL IN DISTRIBUTED SYSTEMS[J].Journal of Computer Research and Development,2001,38(6):735-740. |
| |
| Authors: | LIU Qiong-Bo SHI Jun YOU Jin-Yuan |
| |
| Abstract: | The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved. |
| |
| Keywords: | access control private privileges conflict answer set access request |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
