
Access control policy for business process and its optimal methods in policy decision
Abstract: Based on an analysis of the access control policy requirements of business processes, the classic XACML policy enforcement framework is extended, and an enforcement framework that can manage policies according to the execution state of the business process is proposed. By introducing the <PolicyIssuer> element into the policy schema and defining the semantics of the <Condition> element, the schema can describe both access policies and delegation policies and supports least privilege at the task level. Two policy decision optimization methods are given: where the policy set contains too many invalid policies, a stepwise pruning method reduces the number of policy element comparisons; where the policy set contains too many delegation policies whose trustworthiness must be verified, a trust association method reduces the number of policy matches. Together they effectively improve the efficiency of policy decision.
Authors: 商铮, 张斌
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, 2013, No. 19, pp. 83-87 (5 pages)
Funding: National Basic Research Program of China (973 Program) (No. 2011CB311801); Henan Province Science and Technology Talent Innovation Program (No. 114200510001)
Keywords: Extensible Access Control Markup Language (XACML); XACML policy; access control; business process; policy; delegation