一种基于屏蔽码的ABAC静态策略冲突与冗余检测算法
|
摘要
针对基于属性的访问控制模型(Attribute-Based Access Control,ABAC)存在的静态策略冲突及冗余问题,提出了一种基于属性集有序化及二进制屏蔽码的静态策略冲突检测算法。该算法能够检测出全部的静态冲突,相对于目前典型的暴力算法与属性分割算法,降低了时间复杂度和空间复杂度;同时支持属性的新增及策略的新增或删除,能够更好地满足现代复杂网络环境的要求。
A static policy conflict detection algorithm based on ordered attribute set and binary mask key was proposed.The algorithm can detect all of the static policy conflicts and redundancy in attribute-based access control model.Compared with the typical violence algorithm and the attribute segmentation algorithm,the proposed algorithm can reduce the time complexity and space complexity.Furthermore,it supports adding and removing attributes from set.New algorithm can meet the requirements of modern complex network environments.
A static policy conflict detection algorithm based on ordered attribute set and binary mask key was proposed.The algorithm can detect all of the static policy conflicts and redundancy in attribute-based access control model.Compared with the typical violence algorithm and the attribute segmentation algorithm,the proposed algorithm can reduce the time complexity and space complexity.Furthermore,it supports adding and removing attributes from set.New algorithm can meet the requirements of modern complex network environments.
引文
[1]FENG D G,ZHANG M,ZHANG Y,et al.Study on Cloud Computing Security[J].Journal of Software,2011,22(1):71-83.(in Chinese)冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83.
[2]WANG Y D,YANG J H,XU C,et al.Survey on Access Control Technologies for Cloud Computing[J].Journal of Software,2015,26(5):1129-1150.(in Chinese)王于丁,杨家海,徐聪,等.云计算访问控制技术研究综述[J].软件学报,2015,26(5):1129-1150.
[3]LI F H,SU M,SHI G Z,et al.Research Status and Development Trends of Access Control Model[J].Acta Electronica Sinica,2012,40(4):805-813.(in Chinese)李凤华,苏铓,史国振,等.访问控制模型研究进展及发展趋势[J].电子学报,2012,40(4):805-813.
[4]ZHANG X,LI Y,NALLA D.An attribute-based access matrix model[C]∥Proceedings of the 2005 ACM Symposium on Applied Computing.ACM,2005:359-363.
[5]YUAN E,TONG J.Attributed based access control(ABAC)for web services[C]∥IEEE International Conference on Web Services(ICWS’05).IEEE,2005.
[6]WANG X M,FU H,ZHANG L G.Research Progress on Attribute-Based Access Control[J].Acta Electronica Sinica,2010,38(7):1660-1667.(in Chinese)王小明,付红,张立臣.基于属性的访问控制研究进展[J].电子学报,2010,38(7):1660-1667.
[7]ZOU J S,ZHANG Y S,GAO Y.Research of ABAC Model based on Usage Control under Cloud Environment[J].Application Research of Computers,2014,31(12):3692-3694.(in Chinese)邹佳顺,张永胜,高艳.云环境下基于使用控制的ABAC模型研究[J].计算机应用研究,2014,31(12):3692-3694.
[8]LI R X,LU J F,LI T Y.et al.An Approach for Resolving Inconsistency Conflicts in Access Control Policies[J].Chinese Journal of Computers,2013,36(6):1210-1223.(in Chinese)李瑞轩,鲁剑锋,李添翼,等.一种访问控制策略非一致性冲突消解方法[J].计算机学报,2013,36(6):1210-1223.
[9]DUBOIS D,LANG J,PRADE H.Possibilistic logic 1[OL].http://core.ac.uk/display/20741884.
[10]LANG J.Possibilistic logic:complexity and algorithms[M]∥Handbook of defeasible reasoning and uncertainty management systems.Springer Netherlands,2000:179-220.
[11]DAMIANOU N,DUALAY N,LUPU E,et al.The ponder policy specification language[M]∥Policies for Distributed Systems and Networks.Springer Berlin Heidelberg,2001:18-38.
[12]CAMPBELL G A.Ontologies for Resolution Policy Definition and Policy Conflict Detection[R].Department of Computing Science and Mathematics,University of Stirling,2007.
[13]DAVY S,JENNINGS B,STRASSNER J.The policy continuumPolicy authoring and conflict analysis[J].Computer Communications,2008,31(13):2981-2995.
[14]WANG Y Z,FENG D G.A Conflict and Redundancy Analysis Method for XACML Rules[J].Chinese Journal of Computers,2009,32(3):516-530.(in Chinese)王雅哲,冯登国.一种XACML规则冲突及冗余分析方法[J].计算机学报,2009,32(3):516-530.
[15]HUANG F,HUANG Z,LIU L.A DL-based method for access control policy conflict detecting[C]∥Proceedings of the First Asia-Pacific Symposium on Internetware.ACM,2009:16.
[16]CALERO J M A,PREZ J M M,BERNABJ B,et al.Detection of semantic conflicts in ontology and rule-based information systems[J].Data&Knowledge Engineering,2010,69(11):1117-1137.
[17]LIU J,ZHANG H Q,DAI X D,et al.A Static Policy Conflict Detection Algorithm for Attribute Based Access Control[J].Computer Engineering,2013,39(6):200-204.(in Chinese)刘江,张红旗,代向东,等.一种ABAC静态策略冲突检测算法[J].计算机工程,2013,39(6):200-204.
[2]WANG Y D,YANG J H,XU C,et al.Survey on Access Control Technologies for Cloud Computing[J].Journal of Software,2015,26(5):1129-1150.(in Chinese)王于丁,杨家海,徐聪,等.云计算访问控制技术研究综述[J].软件学报,2015,26(5):1129-1150.
[3]LI F H,SU M,SHI G Z,et al.Research Status and Development Trends of Access Control Model[J].Acta Electronica Sinica,2012,40(4):805-813.(in Chinese)李凤华,苏铓,史国振,等.访问控制模型研究进展及发展趋势[J].电子学报,2012,40(4):805-813.
[4]ZHANG X,LI Y,NALLA D.An attribute-based access matrix model[C]∥Proceedings of the 2005 ACM Symposium on Applied Computing.ACM,2005:359-363.
[5]YUAN E,TONG J.Attributed based access control(ABAC)for web services[C]∥IEEE International Conference on Web Services(ICWS’05).IEEE,2005.
[6]WANG X M,FU H,ZHANG L G.Research Progress on Attribute-Based Access Control[J].Acta Electronica Sinica,2010,38(7):1660-1667.(in Chinese)王小明,付红,张立臣.基于属性的访问控制研究进展[J].电子学报,2010,38(7):1660-1667.
[7]ZOU J S,ZHANG Y S,GAO Y.Research of ABAC Model based on Usage Control under Cloud Environment[J].Application Research of Computers,2014,31(12):3692-3694.(in Chinese)邹佳顺,张永胜,高艳.云环境下基于使用控制的ABAC模型研究[J].计算机应用研究,2014,31(12):3692-3694.
[8]LI R X,LU J F,LI T Y.et al.An Approach for Resolving Inconsistency Conflicts in Access Control Policies[J].Chinese Journal of Computers,2013,36(6):1210-1223.(in Chinese)李瑞轩,鲁剑锋,李添翼,等.一种访问控制策略非一致性冲突消解方法[J].计算机学报,2013,36(6):1210-1223.
[9]DUBOIS D,LANG J,PRADE H.Possibilistic logic 1[OL].http://core.ac.uk/display/20741884.
[10]LANG J.Possibilistic logic:complexity and algorithms[M]∥Handbook of defeasible reasoning and uncertainty management systems.Springer Netherlands,2000:179-220.
[11]DAMIANOU N,DUALAY N,LUPU E,et al.The ponder policy specification language[M]∥Policies for Distributed Systems and Networks.Springer Berlin Heidelberg,2001:18-38.
[12]CAMPBELL G A.Ontologies for Resolution Policy Definition and Policy Conflict Detection[R].Department of Computing Science and Mathematics,University of Stirling,2007.
[13]DAVY S,JENNINGS B,STRASSNER J.The policy continuumPolicy authoring and conflict analysis[J].Computer Communications,2008,31(13):2981-2995.
[14]WANG Y Z,FENG D G.A Conflict and Redundancy Analysis Method for XACML Rules[J].Chinese Journal of Computers,2009,32(3):516-530.(in Chinese)王雅哲,冯登国.一种XACML规则冲突及冗余分析方法[J].计算机学报,2009,32(3):516-530.
[15]HUANG F,HUANG Z,LIU L.A DL-based method for access control policy conflict detecting[C]∥Proceedings of the First Asia-Pacific Symposium on Internetware.ACM,2009:16.
[16]CALERO J M A,PREZ J M M,BERNABJ B,et al.Detection of semantic conflicts in ontology and rule-based information systems[J].Data&Knowledge Engineering,2010,69(11):1117-1137.
[17]LIU J,ZHANG H Q,DAI X D,et al.A Static Policy Conflict Detection Algorithm for Attribute Based Access Control[J].Computer Engineering,2013,39(6):200-204.(in Chinese)刘江,张红旗,代向东,等.一种ABAC静态策略冲突检测算法[J].计算机工程,2013,39(6):200-204.