计算机科学 ›› 2018, Vol. 45 ›› Issue (2): 197-202.doi: 10.11896/j.issn.1002-137X.2018.02.034
江泽涛,谢朕,王琦,张文辉
JIANG Ze-tao, XIE Zhen, WANG Qi and ZHANG Wen-hui
摘要: 针对基于属性的访问控制模型(Attribute-Based Access Control,ABAC)存在的静态策略冲突及冗余问题,提出了一种基于属性集有序化及二进制屏蔽码的静态策略冲突检测算法。该算法能够检测出全部的静态冲突,相对于目前典型的暴力算法与属性分割算法,降低了时间复杂度和空间复杂度;同时支持属性的新增及策略的新增或删除,能够更好地满足现代复杂网络环境的要求。
[1] FENG D G,ZHANG M,ZHANG Y,et al.Study on Cloud Com-puting Security[J].Journal of Software,2011,2(1):71-83.(in Chinese) 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83. [2] WANG Y D,YANG J H,XU C,et al.Survey on Access Control Technologies for Cloud Computing[J].Journal of Software,2015,6(5):1129-1150.(in Chinese) 王于丁,杨家海,徐聪,等.云计算访问控制技术研究综述[J].软件学报,2015,26(5):1129-1150. [3] LI F H,SU M,SHI G Z,et al.Research Status and Development Trends of Access Control Model[J].Acta Electronica Sinica,2012,0(4):805-813.(in Chinese) 李凤华,苏铓,史国振,等.访问控制模型研究进展及发展趋势[J].电子学报,2012,40(4):805-813. [4] ZHANG X,LI Y,NALLA D.An attribute-based access matrix model[C]∥Proceedings of the 2005 ACM Symposium on Applied Computing.ACM,2005:359-363. [5] YUAN E,TONG J.Attributed based access control (ABAC)for web services[C]∥IEEE International Conference on Web Services (ICWS’05).IEEE,2005. [6] WANG X M,FU H,ZHANG L G.Research Progress on Attribute-Based Access Control[J].Acta Electronica Sinica,2010,8(7):1660-1667.(in Chinese) 王小明,付红,张立臣.基于属性的访问控制研究进展[J].电子学报,2010,38(7):1660-1667. [7] ZOU J S,ZHANG Y S,GAO Y.Research of ABAC Modelbased on Usage Control under Cloud Environment[J].Application Research of Computers,2014,1(12):3692-3694.(in Chinese) 邹佳顺,张永胜,高艳.云环境下基于使用控制的ABAC模型研究[J].计算机应用研究,2014,31(12):3692-3694. [8] LI R X,LU J F,LI T Y.et al.An Approach for Resolving Inconsistency Conflicts in Access Control Policies[J].Chinese Journal of Computers,2013,6(6):1210-1223.(in Chinese) 李瑞轩,鲁剑锋,李添翼,等.一种访问控制策略非一致性冲突消解方法[J].计算机学报,2013,36(6):1210-1223. [9] DUBOIS D,LANG J,PRADE H.Possibilistic logic 1.http://core.ac.uk/display/20741884. [10] LANG J.Possibilistic logic:complexity and algorithms[M]∥Handbook of defeasible reasoning and uncertainty management systems.Springer Netherlands,2000:179-220. [11] DAMIANOU N,DUALAY N,LUPU E,et al.The ponder policy specification language[M]∥Policies for Distributed Systems and Networks.Springer Berlin Heidelberg,2001:18-38. [12] CAMPBELL G A.Ontologies for Resolution Policy Definitionand Policy Conflict Detection[R].Department of Computing Science and Mathematics,University of Stirling,2007. [13] DAVY S,JENNINGS B,STRASSNER J.The policy continuum-Policy authoring and conflict analysis[J].Computer Communications,2008,31(13):2981-2995. [14] WANG Y Z,FENG D G.A Conflict and Redundancy Analysis Method for XACML Rules[J].Chinese Journal of Computers,2009,32(3):516-530.(in Chinese) 王雅哲,冯登国.一种 XACML 规则冲突及冗余分析方法[J].计算机学报,2009,32(3):516-530. [15] HUANG F,HUANG Z,LIU L.A DL-based method for access control policy conflict detecting[C]∥Proceedings of the First Asia-Pacific Symposium on Internetware.ACM,2009:16. [16] CALERO J M A,PREZ J M M,BERNAB J B,et al.Detection of semantic conflicts in ontology and rule-based information systems[J].Data & Knowledge Engineering,2010,69(11):1117-1137. [17] LIU J,ZHANG H Q,DAI X D,et al.A Static Policy Conflict Detection Algorithm for Attribute Based Access Control[J].Computer Engineering,2013,9(6):200-204.(in Chinese) 刘江,张红旗,代向东,等.一种 ABAC 静态策略冲突检测算法[J].计算机工程,2013,39(6):200-204. |
No related articles found! |
|