检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:张玉秀 王勇 周林 ZHANG Yu-xiu;WANG Yong;ZHOU Lin(College of Computer Science and Technology,Shanghai University of Electric Power,Shanghai 200090,China)
机构地区:[1]上海电力大学计算机科学与技术学院,上海200090
出 处:《计算机工程与设计》2023年第3期685-691,共7页Computer Engineering and Design
基 金:国家自然科学基金面上基金项目(61772327);上海市自然科学基金项目(20ZR1455900)。
摘 要:针对访问控制策略评估效率问题,提出基于有限状态自动机(finite state automaton,FSA)和重排序的访问控制策略评估方案。以四元组的形式表示策略,构建FSA策略模型检测策略异常,消除策略中的冲突规则以及冗余规则,实现策略评估的前期优化;提出基于重排序的策略评估算法,重排序策略中的规则以及每个规则中的属性-值对(attribute-value pairs,AVP),减少评估访问请求过程中遍历的规则数和属性比较次数。实验结果表明,与传统策略评估引擎相比,该方案检测策略异常效率以及评估效率均有很大提升。To solve the efficiency problem of access control policy evaluation,an access control policy evaluation scheme based on finite state automaton(FSA)and reordering was proposed.The policy was represented as quadruple form,and the FSA policy model was constructed to detect policy exceptions,so that the conflict rules and redundant rules in the policy were eliminated,and the early optimization of policy evaluation was realized.A policy evaluation algorithm based on reordering was proposed,which reordered the rules in the policy and the attribute-value pairs(AVP)in each rule to reduce the number of rules traversed and that of attribute comparison in the process of evaluating access requests.The simulation results show that compared with the traditional policy evaluation engine,the efficiency of detecting policy abnormalities and that of evaluating policy is improved greatly.
关 键 词:访问控制 策略评估 有限状态自动机 冲突检测 冗余检测 属性完整性验证 重排序
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.49