计算机工程
計算機工程
계산궤공정
COMPUTER ENGINEERING
2013年
6期
200-204
,共5页
刘江%张红旗%代向东%王义功
劉江%張紅旂%代嚮東%王義功
류강%장홍기%대향동%왕의공
基于属性的访问控制模型%策略管理%静态策略%策略冲突%策略属性分解%冲突检测
基于屬性的訪問控製模型%策略管理%靜態策略%策略遲突%策略屬性分解%遲突檢測
기우속성적방문공제모형%책략관리%정태책략%책략충돌%책략속성분해%충돌검측
Attribute Based Access Control(ABAC) model%policy management%static policy%policy conflict%policy attributes decomposition%conflict detection
在分布式计算环境下,传统基于属性的静态访问控制策略多存在扩展性差、难以实现等问题。针对上述问题,提出一种基于策略属性分解的冲突检测算法。该算法对策略属性进行分解,构造策略属性分解图,判断策略属性值之间的相交关系,根据静态策略冲突的定义进行策略冲突检测,从而提高策略冲突检测算法的可扩展性和易实现性。实验结果表明,该算法对静态策略冲突的检测率接近85%。
在分佈式計算環境下,傳統基于屬性的靜態訪問控製策略多存在擴展性差、難以實現等問題。針對上述問題,提齣一種基于策略屬性分解的遲突檢測算法。該算法對策略屬性進行分解,構造策略屬性分解圖,判斷策略屬性值之間的相交關繫,根據靜態策略遲突的定義進行策略遲突檢測,從而提高策略遲突檢測算法的可擴展性和易實現性。實驗結果錶明,該算法對靜態策略遲突的檢測率接近85%。
재분포식계산배경하,전통기우속성적정태방문공제책략다존재확전성차、난이실현등문제。침대상술문제,제출일충기우책략속성분해적충돌검측산법。해산법대책략속성진행분해,구조책략속성분해도,판단책략속성치지간적상교관계,근거정태책략충돌적정의진행책략충돌검측,종이제고책략충돌검측산법적가확전성화역실현성。실험결과표명,해산법대정태책략충돌적검측솔접근85%。
This paper discusses static access control policy conflict detection of Attribute Based Access Control(ABAC) in the distributed computing environment, proposes a static policy conflict detection algorithm based on policy attributes decomposition. Policy attributes are decomposed and the graph of policy attributes decomposition is constructed. The intersection relationship between predicates of policy attribute is judged. The algorithm detects policy conflicts by the definition of static policy conflict which improves extensibility and achievability. Experimental result indicates that the policy conflict detection rate of proposed algorithm can reach 85%.
