Abstract
To address the problem of representing and deciding Attribute-Based Access Control (ABAC) policies at the semantic level in open system environments, an ontology-based method for representing ABAC policies is proposed. The method is based on a mapping from the ABAC policy model to description logic definitions, and uses Semantic Web Rule Language (SWRL) rules to define relations within the system. On top of the policy ontology, a policy decision framework is proposed that uses closed-world reasoning and the individual realization reasoning service to generate decisions for access requests. The correctness of the decision method is shown through its soundness and completeness, and a verification experiment demonstrates the feasibility of the method in a real application.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
2013, Issue 23, pp. 56-62, 66 (8 pages in total)
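Funding
National Natural Science Foundation of China (No. 60503027)
Chongqing University Graduate Science and Technology Innovation Fund Project (No. CDJXS11180022)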
Keywords
Attribute-Based Access Control (ABAC)
policy representation
policy enforcement
ontology
Semantic Web Rule Language (SWRL)
reasoning