| 基于良基语义的安全策略表达与验证方法 |
| |
| 引用本文: | 包义保,殷丽华,方滨兴,郭莉.基于良基语义的安全策略表达与验证方法[J].软件学报,2012,23(4):912-927. |
| |
| 作者姓名: | 包义保 殷丽华 方滨兴 郭莉 |
| |
| 作者单位: | 1. 中国科学院计算技术研究所,北京100190;解放军信息工程大学电子技术学院,河南郑州450004;中国科学院研究生院,北京100049
2. 中国科学院计算技术研究所,北京,100190 |
| |
| 基金项目: | 国家自然科学基金(61070186);国家高技术研究发展计划(863)(2009AA01Z438,2009AA01Z43);国家重点基础研究发展计划(973)(2007CB311100) |
| |
| 摘 要: | 提出了一种基于一阶逻辑的安全策略管理框架.首先,研究安全策略的语法和语义,给出将安全策略转换成扩展型逻辑程序的算法,进而构造出安全策略基本查询算法;其次,给出将安全策略复杂查询转换成基本查询的算法,进而构造出安全策略验证算法.在良基语义下,上述算法是可终止的、可靠的和完备的,且计算复杂度都是多项式级的.该框架可以在统一的良基语义下实现安全策略表达、语义查询和验证,保证安全策略验证的有效性.此外,该框架不仅兼容现有主流的安全策略语言,还能够管理具有非单调和递归等高级特性的安全策略.
|
| 关 键 词: | 安全策略 安全管理 良基语义 策略验证 逻辑编程 |
| 收稿时间: | 2010/9/15 0:00:00 |
| 修稿时间: | 2011/1/31 0:00:00 |
Approach of Security Policy Expression and Verification Based on Well-Founded Semantic |
| |
| BAO Yi-Bao,YIN Li-Hu,FANG Bin-Xing and GUO Li.Approach of Security Policy Expression and Verification Based on Well-Founded Semantic[J].Journal of Software,2012,23(4):912-927. |
| |
| Authors: | BAO Yi-Bao YIN Li-Hu FANG Bin-Xing and GUO Li |
| |
| Affiliation: | 1(Institute of Computing Technology,The Chinese Academy of Sciences,Beijing 100190,China) 2(Institute of Electronic Technology,Information Engineering University of PLA,Zhengzhou 450004,China) 3(Graduate University,The Chinese Academy of Sciences,Beijing 100049,China) |
| |
| Abstract: | This study proposes a logic-based security policy framework.First,the study proposes the security policy syntax and semantic.Next,four algoritms are proposed to transfer first-order logic based security policies into extended logic programs to evaluate queries with simple goals,to transfer complex queries into simple ones,and to verify security policies against complex security properties.Under well-founded semantics,all the algorithms are sound and completed,and their computational complexities are polynomial.In this framework,security policy declaration,evaluation and verification are executed under the same semantics,which is significant for security policy management.Furthmore,the framework can manage the security policies with advanced features,such as non-monotony and recursion,which is not supported in many existent security policy management frameworks. |
| |
| Keywords: | security policy security management well-founded semantic policy verification logic programming |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
