AN EXTENDED XACML ACCESS CONTROL MODEL BASED ON HIDDEN CREDENTIAL

Cited by: 2


Authors: Ge Weijin (葛维进)[1], Hu Xiaohui (胡晓惠)[1], Deng Yong (邓勇)[1]

Affiliation: [1] Institute of Software, Chinese Academy of Sciences, Beijing 100190

Source: Computer Applications and Software (《计算机应用与软件》), 2011, No. 3, pp. 265-268 (4 pages)

Abstract: The XACML (eXtensible Access Control Markup Language) access control model is the latest and most advanced access control model in service-oriented architecture (SOA). However, it does not address the protection of sensitive attributes and sensitive policies, which limits the promotion value of the standard. To address this problem, this paper proposes extending the XACML access control model with hidden credential technology to protect the sensitive attributes and policies of both interacting parties, thereby achieving automated trust negotiation based on the XACML access control model. The paper describes how sensitive policies are organised using the XACML standard, analyses the security of the extended model, and proves that the extended model can resist the various conventional distributed attacks.

Keywords: hidden credentials; trust negotiation; access control; eXtensible Access Control Markup Language (XACML)

Classification number: TP309 [Automation and Computer Technology - Computer System Architecture]

 
