期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于改进UCONc的网格授权策略规范

An Improved UCON_C-based Authorization Policy Specification in Grid
下载PDF
导出
摘要 由基于TLA(Temporal Logic of Action)的使用控制策略规范所表达的授权策略得出的决策结果仅能表达简单的"允许"或"拒绝",这在服务网格中难以实现决策组件与执行组件的合理分工,也不利于独立授权过程的并发执行。因此,本文首先提出了委托凭证作为决策结果的细粒度表达方式,然后对基于条件谓词决策的策略规范进行了改进与扩充,将原来简单的访问状态改进与扩充为委托凭证处理过程的状态组合。决策组件能根据访问请求时的系统状态输出合理的委托凭证,也能根据随后的系统状态变化进行再决策,以转换委托凭证的处理状态。最后对新的策略规范的完备性和正确性进行了证明,并通过实例展示了策略规范的表达能力和访问请求的决策过程。 The decision-making result of the usage control policy specification based on temporal logic of action only expresses "permission" or "rejection". In service grid, it is difficult to reasonably divide the work of PDP(Policy Decision Point) and PEP(Policy Enforcement Point), and the independent authorization processes are not implemented simultaneously. For that, the paper firstly presents the delegation certification that can express fine-grained rights, and the decision-making result can be expressed by it. Secondly, the paper improves and expands the policy specification based on condition predication decision-making, and defines the delegation certification processing statuses to replace the simple access status. PDP can make the reasonable delegation certification based on the system status when a request arrives, and also make decision to change the delegation certification processing status when the system status is changed. Finally, the completeness and soundness of the new policy specification are proved, and its expressive capability and the decision-making process Of the access request are exhibited through an example.
作者 桂劲松 陈志刚 郭迎
机构地区 中南大学信息科学与工程学院 上海交通大学区域光纤通信网与新型光通信系统国家重点实验室
出处 《计算机科学》 CSCD 北大核心 2008年第6期77-82,共6页 Computer Science
基金 国家自然科学基金资助项目(60573127)
关键词 服务网格 授权决策 委托凭证 策略规范 Service grid, Authorization decision, Delegation certification, Policy specification
分类号 TP311.13 [自动化与计算机技术—计算机软件与理论] TP311.51 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献12

  • 1Park J, Sandhu R. Towards Usage Control Models: Beyond Traditional Access Control//Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT02). Monterey, California, USA: ACM, 2002: 57-64
  • 2Park J, Sandhu R. The UCONABC usage control model. ACM Transaction on Information and System Security, 2004, 7 (1): 128-174
  • 3Zhang Xinwen, Parisi-Presicce F, Sandhu R, et al. Formal model and policy specification of usage control. ACM Transactions on Information and System Security(TISSEC), 2005, 8 (4) : 351-387
  • 4Pearlman L, Welch V, Foster I, et al. A community authorization service for group collaboration// IEEE 3rd International Workshop on Policies for Distributed Systems and Networks. Washington D. C.. IEEE Computer Society, 2002:50-59
  • 5Thompson M, Essiari A, Mudumbai S. Certificate based Authorization Policy in a PKI Environment. ACM Transactions on Information and System Security (TISSEC), 2003, 6(4) : 566- 588
  • 6Foster I, Jermings N R, Kesselman C. Brain meets brawn: Why grid and agents need each other// Proceedings of the 3rd International Conference on Autonomous Agents and Multi-Agent Systems(AAMAS'04). New York, USA, 2004: 8-15
  • 7Ferraiolo D F, Sendhu R, Gavrila S. Proposed NIST standard for role-based access control. ACM Transaction on Information and System Security, 2001,4(3):224-274
  • 8徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978. 被引量:52
  • 9Strembeck M. Conflict checking of separation of duty constraints in RBAC - implementation experiences//Proceedings of the Conference on Software Engineering (SE ' 04). Innsbruck, Austria, 2004:224-229
  • 10翟征德.基于量化角色的可控委托模型[J].计算机学报,2006,29(8):1401-1407. 被引量:33

二级参考文献40

  • 1徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978. 被引量:52
  • 2Xu Z, Feng DG, Li L, Chen H. UC-RBAC: A usage constrained role-base access control model. In: Qing SH, Gollmann D, Zhou JY, eds. Proc. of the 5th Int'l Conf. on Information and Communications Security. LNCS 2836, Heidelberg: Springer-Verlag, 2003.337-347.
  • 3Gasser M, McDermott E. An architecture for practical delegation in a distributed system. In: Cooper D, Lunt T, eds. Proc. of the1990 IEEE Computer Society Symp. on Research in Security and Privacy. Oakland: IEEE Computer Society Press, 1990. 20-30.
  • 4Gladny HM. Access control for large collections. ACM Trans. on Information Systems, 1997,15(2):154-194.
  • 5Moffett JD, Sloman MS. The source ofauthority for commercial access control. IEEE Computer, 1988,21(2):59-69.
  • 6Nagaratnam N, Lea D. Practical delegation for secure distributed object environments. Distributed Systems Engineering, 1998,5(4):168-178.
  • 7Bandmann O, Dam M, Firozabadi BS. Constrained delegation. In: Proc. of thc 23rd Annual IEEE Symp. on Security and Privacy.Oakland: IEEE Computer Society Press, 2002. 131-143. http://csdl.computer.org/comp/proceedings/sp/2002/1543/00/15430131abs.htm
  • 8Niezette M, Stevenne J. An efficient symbolic representation of periodic time. In: Finin TW, Nicholas CK, Yesha Y, eds. Proc. of the 1st Int'l Conf. on Information and Knowledge Management. LNCS 752, Springer-Verlag, 1992.
  • 9Ferriaolo D, Cugini J,Kuhn R. Role-Based access control (RBAC): Features and motivations. In: Proc. of the 11th Annual Computer Security Application Conf. New Orleans: IEEE Computer Society Press, 1995. 241-248. http://csrc.nist.gov/rbac/ferraiolo-cugini-kuhn-95.pdf
  • 10Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-Based access control models. IEEE Computer, 1996,29(2):38-47.

共引文献71

计算机科学
2008年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部