JOURNAL OF COMPUTER RESEARCH AND DEVELOPMENT
2001, Issue 6, pp. 735-740 (6 pages)
Keywords: access control; private privileges; conflict; answer set; access request
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.