###
Journal of Software:2015.26(6):1534-1556

基于开放逻辑R反驳计算的访问控制策略精化
吴迎红,黄皓,吕庆伟,曾庆凯,张迪明
(计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210046)
Access Control Policy Refinement Technology Based on Open Logic R-Refutation Calculus
WU Ying-Hong,HUANG Hao,LÜ Qing-Wei,ZENG Qing-Kai,ZHANG Di-Ming
(National Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210046, China)
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 1935   Download 2184
Received:March 21, 2013    Revised:May 09, 2014
> 中文摘要: 策略精化是解决分布式应用访问控制策略配置复杂性的重要方法,现有精化技术给出了策略分层描述和逐层精化的方法,但处理策略之间关联问题的能力不足.基于精化树描述策略和策略关联,基于叶结点策略冲突判断,采用开放逻辑R反驳计算分析精化树策略关联属性,能够消解策略冲突同时保证策略互斥、组合、访问路径协同、精化映射等关联正确,并能够按序消解不同类型策略冲突、自由取舍相冲突的策略.实验与分析计算性能表明,该方法符合SaaS平台客户应用系统策略精化需求.
Abstract:Policy refinement is an important technology to resolve the configuration complexity of access control policies in distributed applications. Existing methods for policy refinement describe and refine policies layer by layer. However, they are weak in dealing with the relationship between policies. In this study, policies and the relationship between them are described based on the policy refinement tree where policies conflict analysis is performed on the leaf nodes to allow using R-refutation calculus of open logic to analyze refinement policy correlation properties. This method can resolve conflicting policies while correctly maintaining mutual exclusion, combination, access path coordination, and refinement mapping of policies. It can also resolve conflicting policies of different types in order, and freely make a choice among conflicting policies. Experiments and performance analysis demonstrate that the presented method meets the need of dynamic adaption of policy refinement for service-oriented application systems on SaaS platform.
文章编号:     中图分类号:    文献标志码:
基金项目:国家高技术研究发展计划(863)(2011AA01A202) 国家高技术研究发展计划(863)(2011AA01A202)
Foundation items:
Reference text:

吴迎红,黄皓,吕庆伟,曾庆凯,张迪明.基于开放逻辑R反驳计算的访问控制策略精化.软件学报,2015,26(6):1534-1556

WU Ying-Hong,HUANG Hao,LÜ Qing-Wei,ZENG Qing-Kai,ZHANG Di-Ming.Access Control Policy Refinement Technology Based on Open Logic R-Refutation Calculus.Journal of Software,2015,26(6):1534-1556