面向服务访问控制策略精化描述  被引量:2

Description of Service Oriented Access Control Policy Refinement

在线阅读下载全文

作  者:吴迎红[1] 黄皓[1] 曾庆凯[1] 

机构地区:[1]计算机软件新技术国家重点实验室(南京大学),南京210046

出  处:《计算机研究与发展》2014年第11期2470-2482,共13页Journal of Computer Research and Development

基  金:国家"八六三"高技术研究发展计划基金项目(2011AA01A202)

摘  要:策略精化是解决分布式应用访问控制策略配置复杂性的重要方法.现有的策略精化技术给出了分层策略描述和逐层精化的方法,但是描述和处理策略之间关联问题能力不足,影响策略精化应用.为此给出了策略和包括组合、互斥、精化、访问路径协同等策略之间关系的形式描述方法,提出了能够描述策略之间关联属性的精化算法和记录策略和策略之间这些关联属性的策略精化树构建方法,为策略精化中的策略关联问题处理提供基础.策略精化树还能直观呈现访问控制的服务品质协议(service-level agreement,SLA).Policy refinement is an important method to resolve the configuration complexity of access control policies for distributed applications. Although the current policy refinement techniques make it possible to describe the layered policies and refine the policies layer by layer, it is not easy of these methods to describe and analyze the associated attributes among different policies. The wide use of policy refinement is thus hindered. In this paper, new methods for the description of policies and relationships among them such as composition, mutual exclusion, refinement and path cooperation are given. A new algorithm for policies refinement with relationship description ability is proposed. A refine-tree construction method with the capability of describing the policies and the relationships among these policies is also proposed with the algorithm. This provides a basis for solving the issue of the associating attributes between policies in the policy refinement process. The policies refine-tree can also be used to demonstrate the SLA (service level agreement) of access control.

关 键 词:模型驱动架构 访问控制 策略描述 策略精化 策略冲突分析 关联属性 

分 类 号:TP309.2[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象