Journal of Software:2012.23(4):912-927

(中国科学院 计算技术研究所, 北京 100190; 解放军信息工程大学 电子技术学院, 河南 郑州 450004; 中国科学院 研究生院, 北京 100049)
Approach of Security Policy Expression and Verification Based on Well-Founded Semantic
BAO Yi-Bao,YIN Li-Hua,FANG Bin-Xing,GUO Li
(Institute of Computing Technology, The Chinese Academy of Sciences, Beijing 100190, China; Institute of Electronic Technology, Information Engineering University of PLA, Zhengzhou 450004, China; Graduate University, The Chinese Academy of Sciences, Beijin)
Chart / table
Similar Articles
Article :Browse 3197   Download 3093
Received:September 15, 2010    Revised:January 31, 2011
> 中文摘要: 提出了一种基于一阶逻辑的安全策略管理框架.首先,研究安全策略的语法和语义,给出将安全策略转换成扩展型逻辑程序的算法,进而构造出安全策略基本查询算法;其次,给出将安全策略复杂查询转换成基本查询的算法,进而构造出安全策略验证算法.在良基语义下,上述算法是可终止的、可靠的和完备的,且计算复杂度都是多项式级的.该框架可以在统一的良基语义下实现安全策略表达、语义查询和验证,保证安全策略验证的有效性.此外,该框架不仅兼容现有主流的安全策略语言,还能够管理具有非单调和递归等高级特性的安全策略.
Abstract:This study proposes a logic-based security policy framework. First, the study proposes the security policy syntax and semantic. Next, four algoritms are proposed to transfer first-order logic based security policies into extended logic programs to evaluate queries with simple goals, to transfer complex queries into simple ones, and to verify security policies against complex security properties. Under well-founded semantics, all the algorithms are sound and completed, and their computational complexities are polynomial. In this framework, security policy declaration, evaluation and verification are executed under the same semantics, which is significant for security policy management. Furthmore, the framework can manage the security policies with advanced features, such as non-monotony and recursion, which is not supported in many existent security policy management frameworks.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61070186); 国家高技术研究发展计划(863)(2009AA01Z438, 2009AA01Z43); 国家重点基础研究发展计划(973)(2007CB311100) 国家自然科学基金(61070186); 国家高技术研究发展计划(863)(2009AA01Z438, 2009AA01Z43); 国家重点基础研究发展计划(973)(2007CB311100)
Foundation items:
Reference text:


BAO Yi-Bao,YIN Li-Hua,FANG Bin-Xing,GUO Li.Approach of Security Policy Expression and Verification Based on Well-Founded Semantic.Journal of Software,2012,23(4):912-927