CAJ | 학술논문

为适应分布式环境下的安全需求，提出了一种描述访问控制策略和判定访问请求的方法.采用类似于无函数的扩展逻辑程序的表示方法对安全访问策略进行描述，限定权限传播的深度，利用不同的优先次序定义了多种消解冲突的规则，并给出了类似扩展逻辑程序的回答集语义解释.结合确定性推理和可能性推理，描述了如何判定访问请求的算法.解决了3个问题：分布式授权、私有权限和冲突消解方法.
위괄응분포식배경하적안전수구，제출료일충묘술방문공제책략화판정방문청구적방법.채용유사우무함수적확전라집정서적표시방법대안전방문책략진행묘술，한정권한전파적심도，이용불동적우선차서정의료다충소해충돌적규칙，병급출료유사확전라집정서적회답집어의해석.결합학정성추리화가능성추리，묘술료여하판정방문청구적산법.해결료3개문제：분포식수권、사유권한화충돌소해방법.
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.