A novel logic-based automatic approach to constructing compliant security policies  被引量：2

作　　者：BAO YiBao YIN LiHua FANG BinXing GUO Li 

机构地区：[1]Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China [2]Institute of Electronic Technology,Information Engineering University,Zhengzhou 450004,China [3]Beijing University of Posts and Telecommunications,Beijing 100190,China [4]Graduate University,the Chinese Academy of Science,Beijing 100049,China

出　　处：《Science China(Information Sciences)》2012年第1期149-164,共16页中国科学（信息科学）（英文版）

基　　金：supported by National Basic Research Program of China(Grant No.2007CB311100);National High Technology Research and Development Program of China(Grant Nos.2009AA01Z438,2009AA01Z431);National Natural Science Foundation of China(Grant No.61070186)

摘　　要：It is significant to automatically detect and resolve the incompliance in security policy. Most existing works in this field focus on compliance verification, and few of them provide approaches to automatically correct the incompliant security policies. This paper proposes a novel approach to automatically transform a given security policy into a compliant one. Given security policy H and delegation policy M declared by logic programs, the approach automatically rewrites П into a new one ПM which is compliant with M and is readable by the humans. We prove that the algorithm is sound and complete under noninterference assumption. Formally, we show that the security policy query evaluation algorithm with conflict and unsettlement resolution still works very well on ПHM. The approach is automatic, so it doesn＇t require a administrator with excess abilities. In this sense, our proposal can help us to save much manpower resource in security management and improves the security assurance abilities.It is significant to automatically detect and resolve the incompliance in security policy. Most existing works in this field focus on compliance verification, and few of them provide approaches to automatically correct the incompliant security policies. This paper proposes a novel approach to automatically transform a given security policy into a compliant one. Given security policy H and delegation policy M declared by logic programs, the approach automatically rewrites П into a new one ПM which is compliant with M and is readable by the humans. We prove that the algorithm is sound and complete under noninterference assumption. Formally, we show that the security policy query evaluation algorithm with conflict and unsettlement resolution still works very well on ПHM. The approach is automatic, so it doesn＇t require a administrator with excess abilities. In this sense, our proposal can help us to save much manpower resource in security management and improves the security assurance abilities.

关 键 词：security policy REWRITING logic program COMPLIANCE 

分 类 号：TP31[自动化与计算机技术—计算机软件与理论] TP393.08[自动化与计算机技术—计算机科学与技术]