Abstract
In distributed systems, policy-based management can meet the loose-coupling requirements of complex system modules. To meet the complex security needs of such systems, especially the requirement for fine-grained access control over resources, the security policy must describe not only the fine granularity of the data itself but also the granularity of the public interfaces to that data. This paper therefore extends the RBAC model with a view concept to describe fine-grained objects. To ensure that policy rules are correct, constraint states and rule states are used to describe and analyze the several kinds of conflict caused by the association of operations across subject and object attribute hierarchies. Lexical and syntax analysis decomposes policy documents into access control elements. Using the decomposition results, algorithms based on semantic graphs are designed to detect and locate conflicts in the policy.
Source
Microelectronics & Computer (《微电子学与计算机》)
CSCD
Peking University Core Journals (北大核心)
2011, Issue 10, pp. 67-70, 74 (5 pages in total)
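Funding
National Natural Science Foundation (41074010, 40904004)
Jiangsu Province Graduate Innovation Program Fund (CX09B_116Z, CX10B_156Z)
Special Fund for Basic Scientific Research in Universities (2010QNB21)
China University of Mining and Technology Youth Fund (2009A052)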
Keywords
view
conflict
semantics
conflict detection