
A Security Policy Conflict Detection Method Based on a Directed Graph Model (cited by: 29)

A DAG-Based Security Policy Conflicts Detection Method
Abstract: This paper analyzes the shortcomings of existing security policy conflict detection methods, studies the relationships among elements in a distributed system and abstracts them uniformly into a directed acyclic graph (DAG) model, proposes a quantitative method that applies this model to detect security policy conflicts in distributed systems, and uses the model to analyze typical policy conflict cases. Finally, the algorithmic complexity of the model is estimated and verified experimentally. The DAG model broadens the approach to policy conflict detection and provides a basis for making policies practical.

Policies are increasingly used in the field of security management. Security policy conflict is one of the most difficult problems in this field. The shortcomings of previous methods for detecting security policy conflicts are analyzed. A security policy is considered a relation between a subject and an object concerning authority or obligation. Subjects and objects are elements in a distributed system. In studying the relations among the elements in a distributed system, the concept of a "field" is introduced. The relations among fields can express the relations among the elements in the distributed system. A directed acyclic graph model is given in order to describe the relations among fields precisely. A quantitative method based on the model for detecting security policy conflicts is then presented. A number of security policy conflict cases are studied to demonstrate the correctness and usability of the method. Finally, the algorithmic complexity is analyzed; it is directly proportional to the number of vertices in the directed acyclic graph or to the square of that number. Experimental data is also provided to support this conclusion. The approach to security policy conflict detection is extended, and a basis for the practical use of security policies is provided.

Source: Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI, CSCD and the Peking University Core Journals list; 2005, No. 7, pp. 1108-1114 (7 pages)

Funding: National "863" High-Tech Research and Development Program of China (2001AA142010); Natural Science Foundation of Jiangsu Province (BK2002073)

Keywords: security management; security policy; directed acyclic graph; conflict detection
