期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

可视化的安全策略形式化描述与验证系统 被引量:2

Visual System of Formal Specification and Verification of Security Policy
下载PDF
导出
摘要 通过分析安全策略中可能出现的问题,对安全策略的一致性与完备性进行形式化定义。通过构造安全策略的状态模型,提出策略的一致性与完备性验证算法。基于可扩展访问控制标记语言,设计并实现一种安全策略的形式化描述与验证系统。该系统将形式化的验证过程自动化,以可视化的形式为普通用户提供一种高效的策略验证工具。 This paper analyzes the possible faults in policy, formally defines the consistency and completeness of the security policy. By building the state model of security policy, the algorithm for formally verifying security policy is proposed. Based on the eXtensible Access Control Markup Language(XACML), a system to formally specify and verify the security policy is designed and implemented. This system makes the process of the formal verification automatic, and provides an efficient tool for a normal user to verify the security policy in a visual form.
作者 雷新锋 刘军 肖军模 周海刚 张一丹
机构地区 解放军理工大学通信工程学院
出处 《计算机工程》 CAS CSCD 北大核心 2008年第24期162-164,共3页 Computer Engineering
基金 江苏省自然科学基金资助项目(BK2008090)
关键词 安全策略 一致性 完备性 扩展访问控制标记语言 security policy consistency completeness eXtensible Access Control Markup Language(XACML)
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献5

  • 1李守鹏,孙红波.信息系统安全策略研究[J].电子学报,2003,31(7):977-980. 被引量:12
  • 2Zhang Nan, Ryan M, Guelev D P. Synthesising Verified Access Control Systems in XACML[C]//Proceedings of ACM Workshop on Formal Methods in Security Engineering. Washington D. C., USA: [s. n.], 2004.
  • 3Organization for the Advancement of Structured Information Standards. eXtensible Access Control Markup Language (XACML) Version 2.01[EB/OL]. (2005-02-01). http://www.oasis-open.org/ specs/index.php#xacmlv2.0.
  • 4雷新锋,梁明晓,刘军,肖军模.一种开放的综合安全模型[J].北京邮电大学学报,2008,31(1):18-21. 被引量:3
  • 5雷新锋 刘军 肖军模 等.一种改进的基于XACML的角色访问控制描述方法.计算机科学,2008,35(4):94-95.

二级参考文献15

  • 1肖军模.对军用安全模型的扩展[J].电子科技大学学报,2005,34(2):186-189. 被引量:4
  • 2Marshall D. Abrams, and Michael V. Joyce. New thinking about information technology security [J ]. Computers & Security, 1995,14( 1 ) :69-81.
  • 3Marshall D. Abrams, mad Michael V. Joyce. Trusted computing update[J]. Computers & Security, 1995,14( 1 ) :57 - 68.
  • 4Marshall D. Abrams, and Michael V. Joyce. Trusted system concepts[J]. Computers & Security, 1995,14( 1 ) :45 - 56.
  • 5Jonathan Moffett, Morris Sloman and Kevin Twidle. Specifying discretionary access control policy for distributed systems [ J ]. Computer Communications, 1990,13(9) :571 - 580.
  • 6Tatyana Ryutov and Clifford Neuman. Representation and Evaluation of Security Policies for Distributed System Services[ A]. DARPA Information Survivability Conference and Exposition[ C]. Hilton Head Island,SC, USA: DISCE, 2000.
  • 7C Bidan and V Issamy. Dealing wilh Multi-Pohcy Security in Large Open Distributed Systems[ A]. Proceedings of 5th European Symposium on Research in Computer Security [ C ]. Louvain-la-Neuve, Belgium: ESRCS, 1998.51 - 66.
  • 8Bell D E, LaPadula L J. Secure computer system, unifed exposition and muhics interpretation[R]. Bedford, Massachusetts: The MITRE Corporation, 1976.
  • 9Biba K J. Integrity considerations for secure computer systems[R]. Bedford, Massachusetts: The MITRE Corporation, 1977.
  • 10Clark D D, Wilson D R. A comparison of commercial and military security policies [C]//Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy. Oakland: [s. n. ], 1987: 184-194.

共引文献13

同被引文献12

引证文献2

计算机工程
2008年 第24期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部