A Security Policy Conflict Detection Method Based on a Directed Graph Model (cited by: 29)

A DAG-Based Security Policy Conflicts Detection Method


Authors: 姚键[1,2], 茅兵[1,2], 谢立[1,2]

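Affiliations: [1] State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093; [2] Department of Computer Science and Technology, Nanjing University, Nanjing 210093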

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2005, Issue 7, pp. 1108-1114 (7 pages)

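Funding: National High Technology Research and Development Program of China ("863" Program) (2001AA142010); Natural Science Foundation of Jiangsu Province (BK2002073)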

Abstract: The shortcomings of existing security policy conflict detection methods are analyzed. The relations among elements in distributed systems are studied and uniformly abstracted into a directed acyclic graph (DAG) model, and a quantitative method that applies this model to detect security policy conflicts in distributed systems is proposed. The model is used to analyze typical policy conflict cases. Finally, the algorithmic complexity of the model is estimated and verified by experiment. The DAG model broadens the approach to policy conflict detection and provides a foundation for making policies practical.

Policies are increasingly used in the field of security management. Security policy conflict is one of the most difficult problems in this field. The shortcomings of previous methods for security policy conflict detection are analyzed. Security policies are considered a kind of relation between subject and object concerning authority or obligation. Subjects and objects are elements in a distributed system. In researching relations among the elements in the distributed system, the concept of a “field” is introduced. The relations between fields can express the relations among the elements in the distributed system. A directed acyclic graph model is given in order to precisely describe the relations between fields. A quantitative method based on the model to detect security policy conflicts is then presented. A number of cases of security policy conflict are studied to demonstrate the method's correctness and availability. Finally, the algorithmic complexity is analyzed; it is directly proportional to the number of vertices, or to the square of the number of vertices, in the directed acyclic graph. Experimental data are also provided to support the conclusion. The approach to security policy conflict detection is extended and a basis for the practical use of security policies is provided.

Keywords: security management; security policy; directed acyclic graph; conflict detection

Classification code: TP393 [Automation and Computer Technology: Computer Application Technology]

 
