An Improved UCON_C-based Authorization Policy Specification in Grid


Authors: Gui Jinsong[1], Chen Zhigang[1], Guo Ying[2]

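Affiliations: [1] School of Information Science and Engineering, Central South University, Changsha 410083; [2] State Key Laboratory of Regional Optical Fiber Communication Networks and Novel Optical Communication Systems, Shanghai Jiao Tong University, Shanghai 200030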

Source: Computer Science (《计算机科学》), 2008, No. 6, pp. 77-82 (6 pages)

Funding: National Natural Science Foundation of China (Grant No. 60573127)

Abstract: The decision result derived from an authorization policy expressed in the usage control policy specification based on TLA (Temporal Logic of Actions) can only express a simple "permit" or "deny". In a service grid, this makes it difficult to divide the work reasonably between the decision component (PDP, Policy Decision Point) and the enforcement component (PEP, Policy Enforcement Point), and it hinders the concurrent execution of independent authorization processes. The paper therefore first proposes the delegation credential as a fine-grained way of expressing the decision result. It then improves and extends the policy specification based on condition-predicate decision-making, replacing the original simple access status with combinations of delegation credential processing statuses. The PDP can output a reasonable delegation credential based on the system status at the time of the access request, and can also re-decide when the system status subsequently changes, in order to change the processing status of the delegation credential. Finally, the completeness and soundness of the new policy specification are proved, and an example demonstrates its expressive capability and the decision-making process for an access request.

Keywords: service grid; authorization decision; delegation credential; policy specification

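Classification: TP311.13 [Automation and Computer Technology: Computer Software and Theory]; TP311.51 [Automation and Computer Technology: Computer Science and Technology]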
