
A Static Policy Conflict Detection Algorithm for ABAC (cited by: 6)

A Static Policy Conflict Detection Algorithm for Attribute Based Access Control
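Abstract: In distributed computing environments, traditional attribute-based static access control policies often suffer from poor scalability and are difficult to implement. To address these problems, a conflict detection algorithm based on policy attribute decomposition is proposed. The algorithm decomposes the policy attributes, constructs a policy attribute decomposition graph, determines the intersection relationships between policy attribute values, and detects policy conflicts according to the definition of static policy conflict, thereby improving the scalability and ease of implementation of policy conflict detection. Experimental results show that the algorithm's detection rate for static policy conflicts is close to 85%.
This paper discusses static access control policy conflict detection of Attribute Based Access Control (ABAC) in the distributed computing environment, and proposes a static policy conflict detection algorithm based on policy attributes decomposition. Policy attributes are decomposed and the graph of policy attributes decomposition is constructed. The intersection relationship between predicates of policy attributes is judged. The algorithm detects policy conflicts by the definition of static policy conflict, which improves extensibility and achievability. Experimental results indicate that the policy conflict detection rate of the proposed algorithm can reach 85%.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2013, Issue 6, pp. 200-204 (5 pages)
Funding: National "973" Program of China (2011CB311801); National "863" Program of China (2009AA01Z438)
Keywords: Attribute Based Access Control (ABAC) model; policy management; static policy; policy conflict; policy attributes decomposition; conflict detection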