计算机科学 ›› 2015, Vol. 42 ›› Issue (3): 96-101.doi: 10.11896/j.issn.1002-137X.2015.03.020
倪 川,黄志球,王珊珊,黄传林
NI Chuan, HUANG Zhi-qiu, WANG Shan-shan and HUANG Chuan-lin
摘要: 基于属性的访问控制模型(ABAC)特别适用于大规模分布式网络。然而,由于网络环境的异构性以及策略控制的复杂性,其访问控制策略集往往庞大且缺乏统一语义,策略管理也因此变得复杂和易于出错。针对以上问题,使用本体一致性推理对现有的基于XACML的ABAC授权框架进行扩展:首先,对几种主要的访问控制模型在分布式环境下的性能进行量化分析;其次,通过对本体知识库的一致性检测来判断策略的一致性;最后,设计一个实验方案来验证该方法的有效性和正确性。
| [1] Oh S,Sandhu R.A Model for Role Administration Using Organ-ization Structure[C]∥SACMAT’02.Monterey,California,USA,June 3-4,2002 [2] Ferraiolo D F,Sandhu R,Gavrila S,et al.Proposed NIST Stan-dard for Role-based Access Control[J].ACM Transactions on Information and SystemsSecurity,2001,4(3) [3] Priebe T,Dobmeier W,Muschall B,et al.ABAC-Ein Referenz model für attribute basierte Zugriffs kontrolle[C]∥Proc.2.Jahrestagung Fachbereich Sicherheit der Gesell schaft für Informatik (Sicherheit 2005).Regensburg,Germany,April 2005 [4] Berners-Lee T.A Roadmap to the Semantic Web.WorldWide Web Consortium,September 1998.http://www.w3.org/DesignIssues/Semantic.html [5] Resource Description Framework (RDF):Concepts and Syntax.World Wide Web Consortium,February 2004.http://www.w3.org/TR/2004/REC-rdf-concepts-2004021 [6] OWL Web Ontology Language Overview.World WideWeb Consortium,February 2004.http://www.w3.org/TR/2004/REC-owl-features-20040210 [7] SWRL:A Semantic Web Rule Language Combining OWL and RuleML.November 2003.http://www.daml.org/2003/11/swrl [8] OASIS eXtensible Access Control Markup Language Technical Committee:eXtensible Access Control Markup Language(XACML).http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml [9] Sandhu R S.Access Control:The Neglected Frontier [C]∥Pieprzyk J P,Seberry J,eds.ACISP 1996.LNCS 1172,Springer:Heidelberg,1996:219-227 [10] Bell D E,LaPadula L J.Secure Computer Systems:Mathematical Foundations and Model[M].Mitre Corp.,Bedford,MA,1975 [11] Huang Jing-wei,Nicol D M,Bobba R,et al.A Framework Integrating Attribute-based Policies into Role-Based Access Control[C]∥SACMAT’12.Newark,New Jersey,USA,June 2012:20-22 [12] RDF Vocabulary Description Language 1.0:RDF SchemaWorld Wide Web Consortium,February 2004.http://www.w3.org/TR/2004/REC-rdf-schema-20040210 [13] Jin X,Krishnan R,Sandhu R.A Unified Attribute-Based Access Control Model Covering DAC,MAC and RBAC[C]∥Cuppens-Boulahia N,Cuppens F,Garcia-Alfaro J,eds.DBSec 2012.LNCS 7371,2012:41-55 [14] Priebe T.Supporting Attribute-based Access Control with On-tologies[C]∥ARES’06.IEEE,2006 [15] Kolter J,Schillinger R,Pernul G.A Privacy-Enhanced Attribu-te-Based Access Control System[C]∥Data and Applications Security 2007.LNCS 4602,2007:129-143 [16] 葛强,沈国华,黄志球,等.Web服务中支持本体推理的隐私保护研究[J].计算机科学与探讨,2013(6):536-544 [17] 黄凤.基于描述逻辑的访问控制策略冲突检测方法研究[D].南京:南京航空航天大学,2010 [18] Yagüe M,Mana A,Lopez L,et al.Applying the Semantic Web Layers to Access Control[C]∥Proc.of the DEXA2003 Workshop on Web Semantics (Webs 2003).Prague,Czech Republic,September 2003 [19] Shen Hai-bo.A Semantic-Aware Attribute-Based Access Con-trol Model for Web Services[C]∥ICA3PP 2009.LNCS 5574,2009:693-703 [20] Cirio L,Cruz I F,Tamassia R.A Role and Attribute Based Access Control System Using Semantic Web Technologies[C]∥OTM 2007 Ws.Part II,LNCS 4806,2007:1256-1266 [21] Zha D,Jing Ji-wu,Liu Peng,et al.Proactive Identification andPrevention of Unexpected Future Rule Conflicts in Attribute Based Access Control[C]∥ICCSA 2010.Part IV,LNCS 6019,2010:468-481 [22] Berners-Lee T,Hall W,James A.et al.Weitzner:A framework for Web science[J].Foundations and Trends in Web Science,2006,1(1):1-130 | 
| No related articles found! | 
| 
 | ||