
    A DAG-Based Security Policy Conflicts Detection Method

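    • Summary: This paper analyzes the shortcomings of existing security policy conflict detection methods, studies the relationships among the elements of a distributed system, and abstracts them uniformly into a directed acyclic graph (DAG) model. It proposes a quantitative method that applies this model to detect security policy conflicts in distributed systems, and uses the model to analyze typical policy conflict cases. Finally, the algorithmic complexity of the model is calculated and verified by experiment. The DAG model extends the approach to policy conflict detection and provides a basis for the practical use of policies.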

       

      Abstract: Policies are increasingly used in the field of security management, and security policy conflict is one of the most difficult problems in this field. The shortcomings of previous methods for detecting security policy conflicts are analyzed. A security policy is regarded as a relation between a subject and an object concerning authority or obligation, where subjects and objects are elements of a distributed system. In studying the relations among the elements of a distributed system, the concept of a “field” is introduced. The relations between fields can express the relations among the elements of the distributed system. A directed acyclic graph (DAG) model is given in order to describe the relations between fields precisely. A quantitative method based on this model for detecting security policy conflicts is then presented. A number of security policy conflict cases are studied to demonstrate the correctness and availability of the method. Finally, the algorithmic complexity is analyzed; it is directly proportional to the number of vertices in the directed acyclic graph or to the square of that number. Experimental data are also provided to support this conclusion. The model extends the approach to security policy conflict detection and provides a basis for the practical use of security policies.

       
