基于开放逻辑R反驳计算的访问控制策略精化

策略精化是解决分布式应用访问控制策略配置复杂性的重要方法,现有精化技术给出了策略分层描述和逐层精化的方法,但处理策略之间关联问题的能力不足.基于精化树描述策略和策略关联,基于叶结点策略冲突判断,采用开放逻辑R反驳计算分析精化树策略关联属性,能够消解策略冲突同时保证策略互斥、组合、访问路径协同、精化映射等关联正确,并能够按序消解不同类型策略冲突、自由取舍相冲突的策略.实验与分析计算性能表明,该方法符合SaaS平台客户应用系统策略精化需求.

Access Control Policy Refinement Technology Based on Open Logic R-Refutation Calculus

Policy refinement is an important technology to resolve the configuration complexity of access control policies in distributed applications. Existing methods for policy refinement describe and refine policies layer by layer. However, they are weak in dealing with the relationship between policies. In this study, policies and the relationship between them are described based on the policy refinement tree where policies conflict analysis is performed on the leaf nodes to allow using R-refutation calculus of open logic to analyze refinement policy correlation properties. This method can resolve conflicting policies while correctly maintaining mutual exclusion, combination, access path coordination, and refinement mapping of policies. It can also resolve conflicting policies of different types in order, and freely make a choice among conflicting policies. Experiments and performance analysis demonstrate that the presented method meets the need of dynamic adaption of policy refinement for service-oriented application systems on SaaS platform.