期刊文献+

基于iX-MIDD的XACML安全策略评估 被引量:2

XACML Policy Evaluation based on iX-MIDD
下载PDF
导出
摘要 从提高策略评估效能出发,研究应用iMIDD方法对XACML策略进行评估。介绍了XACML和iMIDD与iX-MIDD的基本概念,对策略集、策略、规则及策略树进行了定义,并给出了两种方案将XACML策略转换成iMIDD与iX-MIDD图。方案一处理对象的次序完全符合XACML标准,但处理效率上可能稍差。方案二效率方面更好,但对象处理次序却不一定完全符合XACML标准。给出了用iX-MIDD评估访问请求的处理过程。用GEYSERS项目的实际访问控制策略进行了仿真实验,表明用此方法进行XACML策略评估效率高,非常实用。 In order to make effectiveness evaluation of XACML policy, the application of iMIDD approach is discussed. The fundamental concepts of XACML, iMIDD and iX-MIDD are expounded, the policy set, policy, rule and policy tree described, and the two schemes for transforming XACML policies into iMIDD and iX-MIDD also proposed. For scheme one, the ordering to evaluate target element is completely up to the evaluation standard in XACML, but may be less in evaluation efficiency, while scheme two is better in efficiency, but the ordering not sure to the standard. The procedure to evalute access request is given. And the simulation with actual access control policy for GEYSERS project indicates that iX-MIDD-based policy evaluation is effective and practicable.
出处 《通信技术》 2016年第5期627-631,共5页 Communications Technology
关键词 访问控制 安全策略 策略评估 XACML access control security policy policy evaluation XACML
  • 相关文献

参考文献12

  • 1罗霄峰,罗万伯,胡月,李蕊,廖勇,吴彦伟.网络舆情治理研究[J].通信技术,2010,43(4):81-83. 被引量:19
  • 2郑昌安,吴学智.一种改进的基于挑战/应答机制的短波接入认证系统研究与设计[J].通信技术,2015,48(6):729-733. 被引量:2
  • 3OASIS. eXtensible Access Control Markup Language (XACML) Version 3. 0 [ EB/OL]. (2013- 1 -23) [ 2016-3-12 ]. http ://docs. oasis-open, org/xacml/3. 0/xacml-3.0-core-spec-os-en. html.
  • 4OASIS. Available XACML Implementations. [ EB/OL ]. (2016) [ 2016-3-12]. https://www, oasis-open, org/ committees/tc_home php9 wg_abbrev=xacml#other.
  • 5Fisler K, Krishnamurthi S, Meyerovich LA, et al. Verifi- cation and Change- Impact Analysis of Access- Control Policies [ C ]//Proceedings of the 27th International Con- ference on Software Engineering. New York, NY, USA: ACM ; 2005 : 196-205.
  • 6LIU A X, CEHN F, WANG J H, et al. Designing Fast and Scalable XACML Policy Evaluation Engines [ J ]. IEEE Transactions on Computers, 2011, 60(12) : 1802-1817.
  • 7Santiago Pina Ros, Mario Lischka, F6hx Gemez Mermol. Graph-based XACML Evaluation[ C ]// Proceedings of the 17th ACM Symposium on Access Control Models and Tech- nologies. ACM New York, NY, USA. 2012: 83-92.
  • 8Marouf S,Shehab M,Squicciarini A, et al. Adaptive Re- ordering and Clustering- based Framework for Efficient XACML Policy Evaluation [ J ]. IEEE Transactions on Services Computing, 2012, 4(4):300-313.
  • 9戚湧,陈俊,李千目.一种基于重排序的XACML策略评估优化方法[J].南京理工大学学报,2015,39(2):187-193. 被引量:4
  • 10RAO P, LIN D, E Bertino, et al. Fine-Grained Inte- gration of Access Control Policies [ J ]. Computers and Security, 2011, 30(2-3) :91-107.

二级参考文献24

  • 1王宁,邱绪东,罗嫔.基于hash函数和公钥算法的一次性口令方案[J].计算机应用研究,2009,26(2):716-718. 被引量:11
  • 2王来华,林竹,毕宏音.对舆情、民意和舆论三概念异同的初步辨析[J].新视野,2004(5):64-66. 被引量:116
  • 3赵华伟,李大兴.单向函数在公钥认证协议中的作用[J].计算机应用,2005,25(11):2509-2511. 被引量:1
  • 4陈力丹,舆论学.舆论导向研究[M].北京:中国广播电视出版社,1999:30-31.
  • 5胡锦涛.以创新的精神加强网络文化建设和管理[EB/OL].(2007-01-24)[2007-06-19].http://news.xinhuanet.corr/politics/2007-01/24/content_5648188.htm.
  • 6OASIS. eXtensible access control markup language (XACML) 3. 0 [ EB/OL ]. https ://www. oasis-open. org/committees/tc_ home. php? wg_ abbrev = xacml, 2013-01-22.
  • 7Sun. Sun PDP [ EB/OL ]. http://sunxacml. sourceforge, net/,2006-06-21.
  • 8JBoss. PicketBox XACML [ EB/OL ]. https:/! community, jboss, org/wiki/Picket Box XACMLJ Boss XACML ,2013-04-27.
  • 9Enterprise XACML [ EB/OL ]. http://code, google. com/p/enterprise-java-xacml/ ,2009-01-09.
  • 10Liu Alex X ,Chen Fei, Hwang Jee-Hyun, et al. Designing fast and scalable XACML policy evaluation engines [ J ]. IEEE Trans on Computers,2011,60 ( 12 ) : 1802-1817.

共引文献22

同被引文献16

  • 1罗万伯,罗霄岚,陈炜,李征,魏雁平.多域环境的安全策略管理框架研究[J].四川大学学报(工程科学版),2006,38(2):114-117. 被引量:7
  • 2LUO Xiao-feng,LI Lin,LUO Wan-bo.A Contextual UsageControl Model[J].Technical Gazette, 2014,21(01):35-41.
  • 3NIST/NSA Privilege Management Conference CollaborationTeam.A Report on the Privilege (Access) ManagementWorkshop[R].NIST/NSA,2010.
  • 4Elisa Bertino,Sushil Jajodia,Pierangela Samatati.SupportingMultiple Access Control Policies in Database Systems[C].Proceedings 1996 IEEE Symposium on Security andPrivacy,1996:94-107.
  • 5MA Gang’WU Ke-he,ZHANG Tong’et al.A FlexiblePolicy-Based Access Control Model for Workflow[J].IEEE International Conference on Computer Science &Automation Engineering,2011(02):533-537.
  • 6Kyong-jin K,Seng-phil HJoon Y.K.A Study onPolicy-based Access Control Model in SNS[J].International Journal of Multimedia and UbiquitousEngineering,2012,7(03):143-150.
  • 7Manifavas C,Fysarakis K,Rantos K,et al.PoIicy-Based Access Control for Body Sensor Networks[C].D. Naccache and D. Sauveron (Eds.):WISTP2014,2014:150-159.
  • 8extensible Access Control Markup Language (XACML)Version 3.0[S].http://docs.oasis-open.Org/xacml/3.0/xacml-3.0-core-spec-os-en.html.
  • 9Rao P,Lin D,Bertino E,et al.Fine-grained Integrationof Access Control Policies[J],Computers andSecurity,2011,30(02-03):91-107.
  • 10Ngo C,Demchenko Y,Laat CD.Decision Diagrams forXACML Policy Evaluation and Management[J].Computers& Security,2015,49(05):1-16.

引证文献2

二级引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部