摘要
目前的本体结构,多使用多个组织公用一套访问控制策略,这不利于组织间的机密性保护,降低了系统的安全性。为了实现协同环境下网络访问的互操作性,即在协同网络下实现不同安全策略的代理间的语义兼容,需要使用本体为用户和应用程序提供一个共享的知识与领域。本文在P2P网路中使用OrBAC模型并对该结构进行了研究,提出了一种改进的本体结构,通过O2O使用组织的虚拟原则来扩展OrBAC,使多个组织可同时定义自己的访问控制策略,即每个P2P网络通信参与者都可以在不同的安全策略下建立起语义间的兼容性,从而在保障系统安全性的同时降低系统访问控制的复杂程度。并使用软件Protégé对结果进行了验证。
In the current ontology structure,most of the organizations share a common access control policy,which is not conducive to the confidentiality protection between organizations,and reduces the security of the system. In order to achieve the inter-operability of network access in collaborative environment,that is to achieve the semantic compatibility between agents using different security policies in the collaborative networks,ontology needs to be used for users and applications such that shared knowledge and fields appear. This paper presents an improved ontology structure using Or BAC model in P2P network,using the organization's virtual principal to extend OrBAC. Multiple organizations can define their own access control policy,and each P2P network communication participant can establish the semantic compatibility between different security policies,thereby protecting the security of the system while reducing the system access control complexity and the results are verified by the software Protégé.
出处
《实验室研究与探索》
CAS
北大核心
2014年第11期136-140,共5页
Research and Exploration In Laboratory
基金
渭南师范学院研究生专项科研项目(12YKZ066)
