面向业务流程访问控制策略及决策优化方法
면향업무류정방문공제책략급결책우화방법
Access control policy for business process and its optimal methods in policy decision
  • 万方数据
    计算机工程与应用 계산궤공정여응용
    COMPUTER ENGINEERING AND APPLICATIONS
    2013年 19期 83-87 ,共5页

    商铮%张斌

    상쟁%장빈

    XACML策略%访问控制%业务流程%策略%委托 XACML策略%訪問控製%業務流程%策略%委託
    XACML책략%방문공제%업무류정%책략%위탁
    Extensible Access Control Makeup Language(XACML)%access control%business process%policy%delegation
    在分析业务流程访问控制策略需求的基础上,对经典的XACML策略实施框架进行了扩展,提出一种能够根据业务流程执行状态管理策略的实施框架。通过在策略模式中引入<PolicyIssuer>元素和定义<Condition>元素的语义,使其能够描述访问策略和委托策略,并支持任务级最小特权的实现。给出了两种策略决策优化方法,针对策略集中无效策略数量过多的问题,采用逐步裁减法减少策略元素比对的次数,针对策略集中委托策略数量过多且需要验证可信性的问题,采用信任关联法减少策略匹配的次数,有效地提高了策略决策的效率。
    재분석업무류정방문공제책략수구적기출상,대경전적XACML책략실시광가진행료확전,제출일충능구근거업무류정집행상태관리책략적실시광가。통과재책략모식중인입<PolicyIssuer>원소화정의<Condition>원소적어의,사기능구묘술방문책략화위탁책략,병지지임무급최소특권적실현。급출료량충책략결책우화방법,침대책략집중무효책략수량과다적문제,채용축보재감법감소책략원소비대적차수,침대책략집중위탁책략수량과다차수요험증가신성적문제,채용신임관련법감소책략필배적차수,유효지제고료책략결책적효솔。
    By analyzing the requirements of access control for business process, an extended enforcement framework that supports policy management based on state of business process is proposed. By introducing element<PolicyIssuer>and defining semantic of element<Condition>in policy schema, access control policy and delegation policy can both be described and least privilege at task level can be achieved. In order to reduce time cost of policy decision in case that numbers of unrelated policies and dele-gation policies are large, two methods which can reduce the numbers of matching policies and policy elements are proposed.
    원문보기 원문다운로드 사이트로이동
저자의 최근 논문