
Semantic representation and enforcement methods of ABAC policies (cited by: 1)
Abstract: To solve the semantic-level representation and enforcement problems of Attribute-Based Access Control (ABAC) policies in open system environments, a method that uses an ontology to define policies is proposed. The method is based on a mapping from the ABAC policy model to description logic definitions, and it uses Semantic Web Rule Language (SWRL) rules to define relations within the system. Based on the policy ontology, a framework is proposed that uses closed-world reasoning and the individual realization reasoning service to generate decisions for access requests. The correctness of the policy enforcement method is shown through its soundness and completeness, and a verification experiment shows the feasibility of these methods in a real application.

Source: Computer Engineering and Applications (CSCD), 2013, No. 23, pp. 56-62, 66 (8 pages)

Funding: National Natural Science Foundation of China (No.60503027); Chongqing University Graduate Science and Technology Innovation Fund (No.CDJXS11180022)

Keywords: Attribute-Based Access Control (ABAC); policy representation; policy enforcement; ontology; Semantic Web Rule Language (SWRL); reasoning

