期刊文献+

基于多值属性分量的XACML策略匹配算法 被引量:2

Algorithm of Matching to XACML-Policy Based on Component of Multi-valued Attribute
下载PDF
导出
摘要 针对多值属性分量的XACML策略和策略请求之间的匹配需求,分析多值属性策略匹配中策略规则与请求匹配时两者的对应属性关系,依据属性之间的包含关系和权限蕴含关系,给出3个关于策略匹配的定理并加以证明。根据策略匹配的定理,提出多值属性匹配算法。最后进行实验验证,结果表明该算法能够提高多值属性分量策略的匹配效率。 Aiming at the demand of matching between the XACML policy and request based on the multi-valued attribute,this paper analyzed the corresponding attribute relationships between policy rule and the request.Three related theorems were proposed and proved based on the relationship between attributes implication and permissions implication.According to the three policy matching theorems,a matching algorithm was put forward.Finally,several experiments show that the algorithm enhances the matching efficiency.
出处 《计算机科学》 CSCD 北大核心 2014年第6期104-107,共4页 Computer Science
基金 国家863计划(2006AA01Z457)资助
关键词 XACML 策略 多值属性 匹配定理 匹配算法 XACML Policy Multi-valued attribute Matching theorem Matching algorithm
  • 相关文献

参考文献11

  • 1OASIS.Extensible Access Control Markup Language (XAC-ML) V3.0[EB/OL].http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cd-l-en.pdf.April,2009.
  • 2李晓峰,冯登国,何永忠.XACML Admin中的策略预处理研究[J].计算机研究与发展,2007,44(5):729-736. 被引量:5
  • 3Bertolino A,Daoudagh S,Lonetti F.Automatic XACML requests generation for policy Testing[C]// 2012 IEEE Fifth International Conference on Software Testing,Verification and Validation,2012,185:842-849.
  • 4Liu A X,Fei Chen.Designing Fast and Scalable XACML Policy Evaluation Engines[J].IEEE Transactions on Computers,2011,12(60):1802-1816.
  • 5Butler B,Jennings B,Botvich D.An experimental testbed to predict the performance of XACML Policy Decision Points[C]//12th IFIP/IEEE International Symposium on Integrated Network Management.2011:353-360.
  • 6Marouf S,Shehab M.Statistics and Clustering Based Framework for Efficient XACML Policy Evaluation[C]//IEEE International Symposium on Policy for Distributed Systems and Networks.2009,36:118-125.
  • 7谢辉.基于UCON改进模型的授权管理关键技术研究[D].郑州:解放军信息工程大学,2009:53-58.
  • 8陈伟鹤,王娜娜.基于XACML的策略评估优化技术的研究[J].计算机应用研究,2013,30(3):900-905. 被引量:7
  • 9Jajodia S,Samarati P,Subrahmanian V S.A logical language for expressing authorizations[C]// Proceedings of the 1997 IEEE Symposium on Security and Privacy.Los Alamitos,California,USA,1997:31-42.
  • 10王雅哲,冯登国.一种XACML规则冲突及冗余分析方法[J].计算机学报,2009,32(3):516-530. 被引量:33

二级参考文献45

  • 1龙勤,刘鹏,潘爱民.基于角色的扩展可管理访问控制模型研究与实现[J].计算机研究与发展,2005,42(5):868-876. 被引量:26
  • 2叶春晓,吴中福,符云清,钟将,冯永.基于属性的扩展委托模型[J].计算机研究与发展,2006,43(6):1050-1057. 被引量:17
  • 3Sloman M. Policy driven management for distributed systems. Journal of Network and Systems Management, 1994, 2(4) :333-360.
  • 4Moses T. eXtensible access control markup language (XACML) version 2.0. OASIS Standard, 2005.
  • 5Jajodia S, Samarati P, Subrahmanian V S et al. A unified framework for enforcing multiple access control policies// Proceedings of the ACM SIGMOD International Conference on Management of Data. Tucson, Arizona, USA, 1997, 26 (2) : 474-485.
  • 6Jajodia S, Samarati P, Subrahmanian V S. A logical language for expressing authorizations//Proeeedings of the 1997 IEEE Symposium on Security and Privacy. Los Alamitos, California, USA, 1997:31-42.
  • 7Lupu E, Sloman M. Conflicts in policy-based distributed systems management. IEEE Transactions on Software Engineering, 1999, 25(6): 852-869.
  • 8Cholvy L, Cuppens F. Analyzing consistency of security policies//Proceedings of the 1997 IEEE Symposium on Security and Privacy. Los Alamitos, California, USA, 1997:103-112.
  • 9Dunlop N, Indulska J, Raymond K. Dynamic conflict detection in policy-based management systems//Proceedings of the 6th International Enterprise Distributed Object ComputingConference (EDOC). Lausanne, Switzerland, 2002:15-26.
  • 10Guelev D P, Ryan M, Schobbens P Y. Modei-checking access control policies. Lecture Notes in Computer Science 3225. Berlin: Springer-Verlag, 2004.. 219-230.

共引文献39

同被引文献8

引证文献2

二级引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部