| 基于属性的访问控制策略逻辑融合框架研究 |
| |
| 引用本文: | 可珂,李鸥,徐长征. 基于属性的访问控制策略逻辑融合框架研究[J]. 计算机科学, 2011, 38(10): 91-95 |
| |
| 作者姓名: | 可珂 李鸥 徐长征 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心NDSC 郑州450002 |
| |
| 摘 要: | 基于属性的访问控制策略合并在大规模分布式多域环境下有着重要的应用背景。从现有文献关于基于属性的访问控制策略合成的研究结论出发,提出了一种逻辑融合框架,用以描述各种策略合并场景,并用实例对其进行了应用分析。该框架不仅能支持已有工作,而且能描述动态的策略合成方法。随后引入一个推理系统,根据它可以形式地验证合并出的新策略的一致性,并给出所提策略逻辑对访问请求的一种评估方法,保障了策略融合的正确性,进一步增强了策略融合方法的适用性。
|
| 关 键 词: | 访问控制,策略合并,逻辑,融合框架,推理系统 |
Towards a Logical Framework of Composing Attribute-based Access Control Policies |
| |
| KE Ke,LI Ou,XU Chang-zhen. Towards a Logical Framework of Composing Attribute-based Access Control Policies[J]. Computer Science, 2011, 38(10): 91-95 |
| |
| Authors: | KE Ke LI Ou XU Chang-zhen |
| |
| Affiliation: | (National Digital Switching System Engineering and Technological Research Center,Zhengzhou 450002,China) |
| |
| Abstract: | In multi-domain environment, the composition of access control policies is the key for aggregated resources when several domains are organized to form a new one. To formally express the composition and guarantee the correctness,a logical framework of composing policies was proposed. The framework is described at the attribute level. It not only fertilizes the existing algebraic models but also can express the dynamic composing scenery which they don't support, Several examples were introduced to demonstrate its expressing ability. The framework involves a logic deduction system which is sound. Based on the system, a compound policy can be formally verified whether it meets each party'sprotection needs. At last, how to evaluate a compound policy for an access request to some aggregated resource was dis-cussed. |
| |
| Keywords: | Access control Policies composition Logical Composing framework Deduction system |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
