高级检索
    吴迎红, 黄皓, 曾庆凯. 面向服务访问控制策略精化描述[J]. 计算机研究与发展, 2014, 51(11): 2470-2482. DOI: 10.7544/issn1000-1239.2014.20130973
    引用本文: 吴迎红, 黄皓, 曾庆凯. 面向服务访问控制策略精化描述[J]. 计算机研究与发展, 2014, 51(11): 2470-2482. DOI: 10.7544/issn1000-1239.2014.20130973
    Wu Yinghong, Huang Hao, Zeng Qingkai. Description of Service Oriented Access Control Policy Refinement[J]. Journal of Computer Research and Development, 2014, 51(11): 2470-2482. DOI: 10.7544/issn1000-1239.2014.20130973
    Citation: Wu Yinghong, Huang Hao, Zeng Qingkai. Description of Service Oriented Access Control Policy Refinement[J]. Journal of Computer Research and Development, 2014, 51(11): 2470-2482. DOI: 10.7544/issn1000-1239.2014.20130973

    面向服务访问控制策略精化描述

    Description of Service Oriented Access Control Policy Refinement

    • 摘要: 策略精化是解决分布式应用访问控制策略配置复杂性的重要方法.现有的策略精化技术给出了分层策略描述和逐层精化的方法,但是描述和处理策略之间关联问题能力不足,影响策略精化应用.为此给出了策略和包括组合、互斥、精化、访问路径协同等策略之间关系的形式描述方法,提出了能够描述策略之间关联属性的精化算法和记录策略和策略之间这些关联属性的策略精化树构建方法,为策略精化中的策略关联问题处理提供基础.策略精化树还能直观呈现访问控制的服务品质协议(service-level agreement, SLA).

       

      Abstract: Policy refinement is an important method to resolve the configuration complexity of access control policies for distributed applications. Although the current policy refinement techniques make it possible to describe the layered policies and refine the policies layer by layer, it is not easy of these methods to describe and analyze the associated attributes among different policies. The wide use of policy refinement is thus hindered. In this paper, new methods for the description of policies and relationships among them such as composition, mutual exclusion, refinement and path cooperation are given. A new algorithm for policies refinement with relationship description ability is proposed. A refine-tree construction method with the capability of describing the policies and the relationships among these policies is also proposed with the algorithm. This provides a basis for solving the issue of the associating attributes between policies in the policy refinement process. The policies refine-tree can also be used to demonstrate the SLA (service-level agreement) of access control.

       

    /

    返回文章
    返回