Abstract
Attribute-based access control (ABAC) is particularly well suited to large-scale distributed networks. However, because of the heterogeneity of the network environment and the complexity of policy control, its access control policy sets are often large and lack unified semantics, which makes policy management complex and error-prone. To address these problems, this paper extends the existing XACML-based ABAC authorization framework with ontology consistency reasoning. First, it carries out a quantitative analysis of the performance of several major access control models in a distributed environment. Second, it determines the consistency of policies by checking the consistency of the ontology knowledge base. Finally, it designs an experimental scheme to verify the validity and correctness of the method.
Source
《计算机科学》
CSCD
PKU Core Journal (北大核心)
2015, Issue 3, pp. 96-101, 123 (7 pages in total)
Computer Science