基于概念格的动态策略存取模型
|
摘要
充分研究了基于策略的网络管理、特别分析了策略存储、冲突检测和消解的现状后,提出了假说:利用概念格保存丰富的应用相关语义信息,能够设计出灵活高效的策略预选和冲突检测算法,提高动态策略系统的运行效率。本文的主要目标是验证该假说的真实性。
主要创新点在于:解决了大规模动态策略应用系统中动态策略存储模型语义信息不充分致使动态策略冲突检测效率低的问题,取得了以下研究成果:①基于概念格的动态策略存取模型:给出了动态策略的形式化定义,利用策略属性值之间的偏序关系对动态策略进行分类,设计了分类形式背景构造方法,定义了动态策略形式分类概念和分类概念格,将应用背景中的语义信息和动态策略分量之间的关系保存到概念格中,设计了基于概念格的动态策略存储流程。②基于概念格的动态策略冲突检测:给出动态策略冲突的形式化定义,设计了冲突概念格获取算法、基于冲突概念格的待比较策略集合选择算法和基于冲突概念格的动态策略冲突检测算法。③基于概念格的动态策略冲突消解:定义了动态策略之间的优先关系和相交关系,定义了动态策略之间的优先策略冲突和相交策略冲突,设计了基于位向量的动态策略属性表示式运算算法、冲突策略改写算法和基于概念格的动态策略冲突消解算法。
As a new network management model, PBNM(policy-based network management) has more flexibility and can be used in the management of Mobile IP network resource and in the management of QoS to allocate the network resources appropiately and to ensure the quality of service for mobile users.PBNM has already been used in mobile environments, in which the policies were authored in advance by network administrators, and therefore could not perceive the changes of the network load in time. The business was interrupted when the network state can not meet the needs of users, which affected the full use of network resources. To improve the performance of a policy system, it is necessary to update policies or generate new policies according to the network state changes. Policies that can reflect the network status changes are called dynamic policies, which are distinct from the traditional policies. We need to investigate the generation model of dynamic policies, to establish the triggering, conflict detection, and conflict resolution mechanisms of dynamic policies, and to build an access model for dynamic policies.
Policies can express high-level goals of the administrators. These goals are achieved by means of low-level network devices. In order to facilitate the translation from high-level goals into low-level device commands, the Internet Engineering Task Force and the Distributed Management Task Force proposed PCIM(policy core information model), which described that a policy was consist of a set of business rules which guided how to manage, allocate and control network resources. Rules indicated actions to be taken under certain conditions. PCIM used the concept of class of object-oriented to describe the elements of a policy, including policy conditions and policy actions. In the IETF policy-based network management framework, the policy information was stored in the policy repository. Other organizations have put forward various policy information models. Information models represent objects and relationships between objects independently from technologies, storage methods, access protocols, and storage types. Data models determine how to store the policies into the policy repository. Data models represent the features of a series of related objects, using terms for a specific data storage and access technology. Directory databases and relational databases are among the most frequently used data models.
From the view point of supporting fast policy conflict detection and resolution, neither directory database nor relational database is an ideal data model by the reason that the core step of policy conflict detection is to determine the intersection between the conditon elements of two policies. This step requires rich semantic information.To build an effective policy system, we need to consider authoring of all levels of policies, conflict detection and conflict resolution as continuous processes. This challenge can be broken through from policy specification, storage and auxiliary tools in order to make the information models, data models and supporting tools to contain enough semantic information.
The definitions of policy conflict and the methods of conflict detection are different in different applications, on different levels, and with different types. That is a big challenge faced by policy system designers. A policy conflict in one application may not necessarily be a policy conflict in another application. Background knowledge of the application is required in the definition of policy conflict and detection. There are various approaches to policy conflict analysis for different application types including language based policy conflict analysis, informatin model based policy conflict analysis, and ontology based policy conflict analysis. Language based policy conflict analysis underutilized application specific information. When the policy repository is large, the conflict detection efficiency is low; informatin model based policy conflict analysis lacks flexibililty when changing the policy language or appliction constraint information, although this approach considers application specific information, and can detect more types of policy conflict; ontolgoy based policy conflict analysis has potential to use knowledge base in the design of flexible conflict detection algorithms, but how to extract semantic information from the information model and ontology is still a challenge.
The research work in this paper has been sponsored by The National Natural Science Foundation of China " Policy-based Dynamic Resource Allocation and Management Mechanism during Mobile IP Handover " (60573128).There are five research issues in the project. This paper highlights the access moodel and mechanism of dynamic policies, involving the storage, conflict detection and conflict resolution of dynamic polices.
A new policy access model, a new policy conflict detection method, and a new policy conflict resolution method are proposed in this paper. The key lies in the fact that rich semantic information is achieved by using a concept lattic to support efficient pollicy conflict detection.
Although the concept lattice has been widely used in the field of data mining, its potential in the area of policy conflict detection is underestimated by the research groups except from our research group.
This article starts from the storage model of dynamic policy system to study how to effectively extract and store the semantic information from the dynamic policy system, and to study how to quickly determine the relationship among the conditon components of policies, with the goal of increasing the efficiency of policy conflict detection and automatically resolving the conflicts among policies.
My research has resolved the problem of low efficient policy conflict detection due to insufficient informaton in the traditonal dynamic policy storage model of large scale dynamic policy applicaton systems. My contributions are as follows:
1, A new access model for dynamic policies based on concept lattice. Include:(1) gave the formal definition of the dynamic policy. (2) pointed out that there exists partial order relationship among the attribute values of policies,and this partial order could be used to classify the dynamic policies. (3) designed a construction method of classification formal context, defined the dynamic policy formal classification concept and classificaton concept lattice, stored the application specific semantic information and the relationships among the conditon components of dynamic policies into the concept lattice. The classification concept latice maked full use of domain knowledge, and it was established according to the attribute value domain, which seldom changed because of the stability of the attribute value. Organizing the policy repository in the form of concept lattice, we can get an efficient and stable classification at the same time this makes the conflict detection more convinient by using the partial order relationship among concepts. (4) designed a dynamic policy storage procedure based on the concept lattice, implemented a prototype policy system, and optimized the procedure of policy searching and the procedure of intersection computation on condition elements of policies.
2, dynamic policy conflict detection algorithms based on concept lattice. Include: (1) gave the formal definition of the dynamic policy conflict; (2) designed an algorithm for getting the conflict concept lattice; (3) designed an algorithm to select the candidate conflict policy set based on the conflict concept lattice; (4) designed an conflict detection algorithm based on the conflict concept lattice. The experiments were performed for the above algorithms. The experimental results show that:after organizing the policy repository in the form of concept lattice, the main work remained to be done is shrinking the span of conflict detection, which is a structure and size-sensitive process, while in the real world, these two factors are usually unchanged because of the stability of semantic informatin, which supports fast policy conflict detection. The policy rules are organized into different formal classification concepts, which makes the new conflict detection algorithm stable and scalable to the size of the rule sets.
3, A new dynamic policy conflict resolution algorithm based on concept lattice. Include:(1) defined the precedence relations and the intesection relations between the dynamic policies; (2) defined the precedence policy conflict and the intersection policy conflict; (3) designed a method to compute the attribute expressions of the dynamic policies based on bit vector; (4) designed algorithms to rewrite conflicting policies; (5) designed concept-lattice-based dynamic policy conflict resolution algorithm.
The main conclusions are as follows:
(1) The current information models of policy systems can not satisfy the requriements of large-scale distributed dynamic policy systems on the demand for rapid conflict detection because of different support degree for semantic information and different degree of the richness of semantic information contained in the model. Thus information extraction and storage method is needed which is independent from the information model. Although the formal concept analysis has been widely used in the field of data mining, its potential in the area of policy conflict detection has not been focused yet.
(2) The classification concept lattice includes semantic information which can be used to determine the correlation between policies. The semantic information can help to design fast policy conflict detection algorithms.
(3) The candidate conflicting policies can be selected with the help of the semantic information contained in the classificatin concept lattice, decreasing the number of deployed policied needed to be compared to the new policy. The flexibility of the policy conflict detection algorithm is increased by the seperation of policy conflict definition from the policy conflict detection algorithm. The policy conflict detection algorithm is able to detect new types of policy conflict if a new policy conflict definition is given.
(4) Different policy conflict resolution algorithms can be designed according to different types of conflict.The appropriate conflict resolution algorithm is automatically called by the conflict resolution services according to the type of conflict, which improved the adaptability of the conflict resolution algorithm to new applications.
Future research directions are as follows:
(1) Although the information model and the concept lattice were used in this thesis, ontology has not been used yet. Next step is to combine the concept lattice, information model and ontology to further get the application specific semantic information, to make full use of the automatic reasoning ability of the ontology, and to improve the interoperability of dynamic policy systems and the performance of the conflict detection.
(2) The methods of conflict resolution provided in this article do not cover all applications. Next step is to provide policy conflict resolution algorithms for new applications to improve the adaptability and flexibility of dynamic policy systems.
(3) The access model of dynamic policies based on the concept lattice was tested only on a single machine, and multi-threading techologies were used to get concurrency. Next step is to test the model on multiple machines by using distributed and parralell technologies.
主要创新点在于:解决了大规模动态策略应用系统中动态策略存储模型语义信息不充分致使动态策略冲突检测效率低的问题,取得了以下研究成果:①基于概念格的动态策略存取模型:给出了动态策略的形式化定义,利用策略属性值之间的偏序关系对动态策略进行分类,设计了分类形式背景构造方法,定义了动态策略形式分类概念和分类概念格,将应用背景中的语义信息和动态策略分量之间的关系保存到概念格中,设计了基于概念格的动态策略存储流程。②基于概念格的动态策略冲突检测:给出动态策略冲突的形式化定义,设计了冲突概念格获取算法、基于冲突概念格的待比较策略集合选择算法和基于冲突概念格的动态策略冲突检测算法。③基于概念格的动态策略冲突消解:定义了动态策略之间的优先关系和相交关系,定义了动态策略之间的优先策略冲突和相交策略冲突,设计了基于位向量的动态策略属性表示式运算算法、冲突策略改写算法和基于概念格的动态策略冲突消解算法。
As a new network management model, PBNM(policy-based network management) has more flexibility and can be used in the management of Mobile IP network resource and in the management of QoS to allocate the network resources appropiately and to ensure the quality of service for mobile users.PBNM has already been used in mobile environments, in which the policies were authored in advance by network administrators, and therefore could not perceive the changes of the network load in time. The business was interrupted when the network state can not meet the needs of users, which affected the full use of network resources. To improve the performance of a policy system, it is necessary to update policies or generate new policies according to the network state changes. Policies that can reflect the network status changes are called dynamic policies, which are distinct from the traditional policies. We need to investigate the generation model of dynamic policies, to establish the triggering, conflict detection, and conflict resolution mechanisms of dynamic policies, and to build an access model for dynamic policies.
Policies can express high-level goals of the administrators. These goals are achieved by means of low-level network devices. In order to facilitate the translation from high-level goals into low-level device commands, the Internet Engineering Task Force and the Distributed Management Task Force proposed PCIM(policy core information model), which described that a policy was consist of a set of business rules which guided how to manage, allocate and control network resources. Rules indicated actions to be taken under certain conditions. PCIM used the concept of class of object-oriented to describe the elements of a policy, including policy conditions and policy actions. In the IETF policy-based network management framework, the policy information was stored in the policy repository. Other organizations have put forward various policy information models. Information models represent objects and relationships between objects independently from technologies, storage methods, access protocols, and storage types. Data models determine how to store the policies into the policy repository. Data models represent the features of a series of related objects, using terms for a specific data storage and access technology. Directory databases and relational databases are among the most frequently used data models.
From the view point of supporting fast policy conflict detection and resolution, neither directory database nor relational database is an ideal data model by the reason that the core step of policy conflict detection is to determine the intersection between the conditon elements of two policies. This step requires rich semantic information.To build an effective policy system, we need to consider authoring of all levels of policies, conflict detection and conflict resolution as continuous processes. This challenge can be broken through from policy specification, storage and auxiliary tools in order to make the information models, data models and supporting tools to contain enough semantic information.
The definitions of policy conflict and the methods of conflict detection are different in different applications, on different levels, and with different types. That is a big challenge faced by policy system designers. A policy conflict in one application may not necessarily be a policy conflict in another application. Background knowledge of the application is required in the definition of policy conflict and detection. There are various approaches to policy conflict analysis for different application types including language based policy conflict analysis, informatin model based policy conflict analysis, and ontology based policy conflict analysis. Language based policy conflict analysis underutilized application specific information. When the policy repository is large, the conflict detection efficiency is low; informatin model based policy conflict analysis lacks flexibililty when changing the policy language or appliction constraint information, although this approach considers application specific information, and can detect more types of policy conflict; ontolgoy based policy conflict analysis has potential to use knowledge base in the design of flexible conflict detection algorithms, but how to extract semantic information from the information model and ontology is still a challenge.
The research work in this paper has been sponsored by The National Natural Science Foundation of China " Policy-based Dynamic Resource Allocation and Management Mechanism during Mobile IP Handover " (60573128).There are five research issues in the project. This paper highlights the access moodel and mechanism of dynamic policies, involving the storage, conflict detection and conflict resolution of dynamic polices.
A new policy access model, a new policy conflict detection method, and a new policy conflict resolution method are proposed in this paper. The key lies in the fact that rich semantic information is achieved by using a concept lattic to support efficient pollicy conflict detection.
Although the concept lattice has been widely used in the field of data mining, its potential in the area of policy conflict detection is underestimated by the research groups except from our research group.
This article starts from the storage model of dynamic policy system to study how to effectively extract and store the semantic information from the dynamic policy system, and to study how to quickly determine the relationship among the conditon components of policies, with the goal of increasing the efficiency of policy conflict detection and automatically resolving the conflicts among policies.
My research has resolved the problem of low efficient policy conflict detection due to insufficient informaton in the traditonal dynamic policy storage model of large scale dynamic policy applicaton systems. My contributions are as follows:
1, A new access model for dynamic policies based on concept lattice. Include:(1) gave the formal definition of the dynamic policy. (2) pointed out that there exists partial order relationship among the attribute values of policies,and this partial order could be used to classify the dynamic policies. (3) designed a construction method of classification formal context, defined the dynamic policy formal classification concept and classificaton concept lattice, stored the application specific semantic information and the relationships among the conditon components of dynamic policies into the concept lattice. The classification concept latice maked full use of domain knowledge, and it was established according to the attribute value domain, which seldom changed because of the stability of the attribute value. Organizing the policy repository in the form of concept lattice, we can get an efficient and stable classification at the same time this makes the conflict detection more convinient by using the partial order relationship among concepts. (4) designed a dynamic policy storage procedure based on the concept lattice, implemented a prototype policy system, and optimized the procedure of policy searching and the procedure of intersection computation on condition elements of policies.
2, dynamic policy conflict detection algorithms based on concept lattice. Include: (1) gave the formal definition of the dynamic policy conflict; (2) designed an algorithm for getting the conflict concept lattice; (3) designed an algorithm to select the candidate conflict policy set based on the conflict concept lattice; (4) designed an conflict detection algorithm based on the conflict concept lattice. The experiments were performed for the above algorithms. The experimental results show that:after organizing the policy repository in the form of concept lattice, the main work remained to be done is shrinking the span of conflict detection, which is a structure and size-sensitive process, while in the real world, these two factors are usually unchanged because of the stability of semantic informatin, which supports fast policy conflict detection. The policy rules are organized into different formal classification concepts, which makes the new conflict detection algorithm stable and scalable to the size of the rule sets.
3, A new dynamic policy conflict resolution algorithm based on concept lattice. Include:(1) defined the precedence relations and the intesection relations between the dynamic policies; (2) defined the precedence policy conflict and the intersection policy conflict; (3) designed a method to compute the attribute expressions of the dynamic policies based on bit vector; (4) designed algorithms to rewrite conflicting policies; (5) designed concept-lattice-based dynamic policy conflict resolution algorithm.
The main conclusions are as follows:
(1) The current information models of policy systems can not satisfy the requriements of large-scale distributed dynamic policy systems on the demand for rapid conflict detection because of different support degree for semantic information and different degree of the richness of semantic information contained in the model. Thus information extraction and storage method is needed which is independent from the information model. Although the formal concept analysis has been widely used in the field of data mining, its potential in the area of policy conflict detection has not been focused yet.
(2) The classification concept lattice includes semantic information which can be used to determine the correlation between policies. The semantic information can help to design fast policy conflict detection algorithms.
(3) The candidate conflicting policies can be selected with the help of the semantic information contained in the classificatin concept lattice, decreasing the number of deployed policied needed to be compared to the new policy. The flexibility of the policy conflict detection algorithm is increased by the seperation of policy conflict definition from the policy conflict detection algorithm. The policy conflict detection algorithm is able to detect new types of policy conflict if a new policy conflict definition is given.
(4) Different policy conflict resolution algorithms can be designed according to different types of conflict.The appropriate conflict resolution algorithm is automatically called by the conflict resolution services according to the type of conflict, which improved the adaptability of the conflict resolution algorithm to new applications.
Future research directions are as follows:
(1) Although the information model and the concept lattice were used in this thesis, ontology has not been used yet. Next step is to combine the concept lattice, information model and ontology to further get the application specific semantic information, to make full use of the automatic reasoning ability of the ontology, and to improve the interoperability of dynamic policy systems and the performance of the conflict detection.
(2) The methods of conflict resolution provided in this article do not cover all applications. Next step is to provide policy conflict resolution algorithms for new applications to improve the adaptability and flexibility of dynamic policy systems.
(3) The access model of dynamic policies based on the concept lattice was tested only on a single machine, and multi-threading techologies were used to get concurrency. Next step is to test the model on multiple machines by using distributed and parralell technologies.
引文
[1]AUST S, PROETEL D, FIKOURAS N A, GORG C, PAMPU C. Policy based mobile IP handoff decision (polimand) using generic link layer information, Proceedings of the Fifth IFIP-TC6 International Conference,Mobile and Wireless Communications Networks, Singapore, October 27-29,2003[C]. Singapore: IEEE,2003.
[2]ISO/IEC 10040-1998.Information technology-Open Systems Interconnection-Systems management overview. [S].1998.
[3]RFC 1155-1990. Structure and Identification of Management Information for TCP/IP based internets.[S].1990.
[4]RFC 1156-1990.Management Information Base Network.[S].1990.
[5]RFC 1157-1990.A Simple Network Management Protocol.[S].1990.
[6]RFC 1441-1993.Introductionto SNMP v2.[S].1993.
[7]RFC 2578-1999.Structure of Management Information for SNMP v2.[S].1999.
[8]RFC 2579-1999.Textual Conventions for SNMP v2.[S].1999.
[9]RFC 2580-1999.Conformance Statements for SNMP v2.[S].1999.
[10]RFC 3410-2002.Introduction and Applicability Statements for Internet Standard Management Framework.[S].2002.
[11]RFC 3411-2002. An Architecture for Describing SNMP Frameworks. [S].2002.
[12]RFC 3412-2002.Message Processing and Dispatching for the SNMP. [S].2002.
[13]RFC 3413-2002. SNMP Applications. [S].2002.
[14]RFC 3414-2002. User-based Security Model (USM) for SNMP v3.[S].2002.
[15]RFC 3415-2002. View-based Access Control Model for the SNMP.[S].2002.
[16]RFC 3416-2002. Protocol Operations for SNMP v2.[S].2002.
[17]RFC 3417-2002. Transport Mappings for SNMP v2.[S].2002.
[18]RFC 3418-2002. Management Information Base for SNMP v2.[S].2002.
[19]RFC 3584-2003. Coexistence between SNMP v1, v2 and v3.[S].2003.
[20]McCloghrie, K., and M. Rose. Management Information Base for Network Management of TCP/IP-based internets. RFC 1066, TWG, August 1998.
[21]http://www.dmtf.org/standards/cim
[22]http://www.rational.com/uml.
[23]Lee Y T. Information modeling:from design to implementation. National Institute of Standards and Technology,1999, pp.1-8.
[24]RFC 3444-2003. On The Difference between Information Models and Data. [S].2003.
[25]International Organiazation for Standardization. Information processing systems-Opne Systems Interconnection-Specification of Abstrace Syntax Notation One (ASN.1). International Standard 8824[S].1987.
[26]McCloghrie K, Perkins D, Schoenwaelder J. Structure of Management Information Version 2(SMIv2). STD 58, RFC 2578, April 1999.
[27]RFC 3159-2001. Structure of Policy Provisioning Information. [S].2001.
[28]International Telecommunication Union. Information technology-Open Systems Interconnection-Structure of Management Information:Guidelines for the Definition of Managed Objects. Recommentation X.722,1992.
[29]Distributed Management Task Force. Common Information Model Specification Version 2.2. DSP 0004, June 1999.
[30]RFC 3780-2004. SMIng-Nextt Generation Structure of Management Information.[S].2004.
[31]RFC 3781-2004. Nextt Generation Structure of Management Information-Mappings to the Simple Network Management Protocol.[S].2004.
[32]SMIng Working Group. SMIng Mappings to COPS-PR. draft-ietf-sming-copspr-OO.txt, Feb 2001.
[33]PIN P, CHEN S. The Entity-Relationship Model-Towards a Unified View of Data. In:ACM Transactions on database Systems, Vol.1, No.1, March,1976, pp.9-36.
[34]D. Appleton Company, Inc., "Integrated Information Support System: Information Modeling Manual, IDEF1-Extended (IDEF1X)," ICAM Project Priority 6201,Subcontract #013-078846, USAF Prime Contract#F33615-80-C-5155, Wright-Patterson Air Force Base,Ohio, December, 1985.
[35]ISO 10303-11:1994(E), Industrial Automation Systems and Integration-Product Data Representation and Exchange-Part 11:The EXPRESS Language Reference Manual.
[36]Schenck D, Wilson, P. "Information Modeling the EXPRESS Way[M].Oxford University Press, New York, NY,1994.
[37]Taberer J. What Is RDF. http://www.xml.com/pub/a/2001/01/24/rdf.htmlRDF.July 26,2006.
[38]http://www.w3.org/TR/2004/REC-owl-features-20040210/
[39]Strassner J. Policy Based Network Management. Morgan Kaufman[M].ISBN 1-55860-859-1.2003.
[40]http://www.tmforum.org/BestPracticesStandards/InformationFramework/1684/H ome.html
[41]Strassner J. Directory Enabled Networks. Macmillan Technical Publishing[M].ISBN 1-57870-140-6.
[42]Strassner J. DEN-ng:achieving business-driven network management [M].Network Operations and Management Symposium, August,2002. pp. 753-756.
[43]Model Driven Architecture-A Technical Perspective. http://www.omg.org/cgi-bin/doc?ormsc/2001-07-01
[44]Developing in OMG/s Model Driven Architecture. ftp://ftp.omg.org/pub/docs/omg/01-12-01.pdf
[45]Steven Davy B A. Harnessing Information Models and Ontologies for Policy Conflict Analysis [D]. Waterford Institute of Technology, September 2008.
[46]TMF. GB921:eTOM-the Business Process Framework, version 3.5, July 2003.
[47]TMF. GB922:Shared Information/Data Model:Concepts, Principles, and Business Entities, July 2003.
[48]TMF. The NGOSS Securith Principles, June 2003
[49]TMF. Shared Information/Data Model-Addendum 1-PQL, Common Business Entities Definitions-Policy, v1.0, July 2003.
[50]RFC 3318-2003. Framework policy information base.[S].2003.
[51]Bell D, et al. Secure computer systems:Mathematical foundations. Technical report esd-tr-278, MITRE Corporation, Bedford, MA,1973
[52]Moffett D, Sloman M. The representation of policies as system objects [A]. In Proceedings of the Conference on Organizational Computer Systems (COCS) [C], Atlanta, Georgia, Nov 1991, pp.171-184,
[53]Moffett D, Sloman M. Policy hierarchies for distributed systems management [J]. IEEE Journal on Selected Areas in Communications, Special Issue on Network Management,1993.Vol 11, pp.1404-14.
[54]RFC 3198-2001. Terminology for Policy-Based Management. [S].2001.
[55]RFC 3060-2001.Policy core information model.[S].2001.
[56]RFC 3460-2003. Policy core information model extensions. [S].2003.
[57]RFC 3644-2003. Policy Quality of Service (QoS) Information Model. [S].2003.
[58]RFC 3585-2003. IPsec Configuration Policy Information Model. [S].2003.
[59]Ferraiolo D, Kuhn R. Role-based access controls [A]. In 15th NIST-NCSC National Computer Security Conference [C],1992, pp 554-563.
[60]Damianou N, Dulay N, Lupu E, Sloman M. The ponder policy specification language [A]. In POLICY'01:Proceedings of the International Workshop on Policies for Distributed Systems and Networks [C], London, UK,2001, pp 18-38.
[61]Godik S, Moses Tim. eXtensible Access Control Markup Language (XACML) version 1.0. OASIS Standard Document identifier:oasis-xacml-1.0.pdf, OASIS, XACML Technical Committee,18 February 2003.
[62]Anderson A. A Brief Introduction to XACML. Posted to the XACML TC mailing list,14 March 2003.
[63]Bajaj S, et al. Web Service Policy Framework (WS-Policy), March 2006, Version 1.2. http://specs.xmlsoap.org/ws/2004/09/ws-policy.pdf
[64]Bray T, et al. Extensible Markup Language(XML) 1.0 (Fifth Edition). W3C Recommendation.26 November 2008. http://www.w3.org.XML/Core/
[65]Kagal L, Finin T, Joshi A. A Policy Language for a Pervasive Computing Environment [A]. IEEE 4th International Workshop on Policies for Distributed Systems and Networks [C], June 2003, pp.63-74.
[66]Delcourt B A, et al. The KAOS project:Knowledge acquisition in automated specification of software [A]. In AAAI Spring Symposium Series, Track: "design of Composite Systems" [C], Stanford University, Mar 1991, pp 59-62.
[67]Darimont R, et al. Formal refinement patterns for goal-driven requirements elaboration [A]. In SIGSOFT'96:Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering [C], New York, NY, USA, 1996, pp.179-190.
[68]RFC 2748-2000. The COPS(Common Open Policy Service) Protocol.[S].2000
[69]Wong A, Ray P, Parameswaran N, Strassner J. Ontology mapping for the interoperability problem in network management [J]. IEEE Journal on Selected Areas in Communicaions, JSAC, vol.23 no.10, pp.2058-2068.
[70]Baader F, Horrocks I, Sattler U. Deschription Logics [M]. In Frank van Harmelen, Mladimir Lifschitz, and Bruce Porter, editors, Handbook of Knowledge Reprisentation. Elsevier,2007.
[71]http://www.comlab.ox.ac.uk/people/ian.horrocks/Publications/complete.html
[72]Horrocks I. A Comparison of Two Terminological Knowledge Representation Systems [D]. University of Manchester,1995.
[73]Horrocks I. Optimising Tableaux Decision Procedures for Description Logics [D]. University of Manchester,1997.
[74]Horrocks I. Ontologies and the semantic web [J]. Communications of the ACM, Vol.51 No.12, Dec 2008, pp.58-67.
[75]Horrocks I, Sattler U. A Tableau Decision Procedure for SHOIQ [J]. Journal of Automated Reasoning, Vol.39 No.3,2007, pp.249-276.
[76]Horrocks I,et al. OWL Rules:A Proposal and Prototype Implementation [J]. Journal of Web Semantics, Vol.3 No.1,2005, pp.23-40.
[77]Horrocks I, et al. Reducing OWL entailment to description logic satisfiability [J]. Journal of Web Semantics, Vol.1 No.4,2004, pp.345-357.
[78]Horrocks I, et al. From SHIQ and RDF to OWL:The Making of a Web Ontology Language [J]. Journal of Web Semantics, Vol.1 No.1,2003, pp.7-26.
[79]Horrocks I, et al. Evaluating Optimised Decision Procedures for Propositional Modal K(m) Satisfiability [J]. Journal of Automated Reasoning, Vol.28 No.2, Feb 2002,pp.173-204.
[80]Horrocks I, et al. Practical Reasoning for Very Expressive Description Logics [J]. Logic Journal of the IGPL, Vol.8 No.3,2000, pp.239-264.
[81]Horrocks I, et al. A Description Logic with Transitive and Inverse Roles and Role Hierarchies [J]. Journal of Logic and Computation, Vol.9 No.3,1999, pp. 385-410.
[82]Horrocks I, et al. Patel-Schneider. Optimizing Description Logic Subsumption [J]. Journal of Logic and Computation, Vol.9 No.3,1999, pp.267-293.
[83]王若瞳,张辉,杨家海,黄桂奋.P2P网络管理系统信息模型的设计与实现.[J]通信学报,vol.31 no.1,Jan,2010,pp.85-91.
[84]谢俊,石东源,段献忠.基于本体技术的IEC 6190语义信息模型.[J]电网技术,vo1.32,no.1,Jan 2008,pp.88-92.
[85]钱焕延,周宁.基本本体的网络管理信息模型映射方法.[J]计算机应用,vo1.30,no.10,Feb 2010,pp.2838-2842.
[86]秦伟俊.基于本体的智能空间情境信息模型研究.[D].清华大学,Dec,2005.
[87]高志鹏.基于本体的共享管理信息建模方法、模型及其应用.[D].北京邮电大学,Jun,2007.
[88]Ganter B, Wille R. Formal Concept Analysis:Mathematical Foundations [M]. Berlin:Springer-Verlag,1999, pp.51-71.
[89]谢志鹏,刘宗田.概念格的快速渐进式构造算法.计算机学报[J].vol 25 no.5,pp.490-496
[90]缑锦,叶东毅.基于概念格的求所有绝对属性约简的一个算法.福州大学学报(自然科学版)[J].Vol.30 No.3,Jun.2002,pp.298-300.
[91]李云,刘宗田,陈,徐晓华,程伟.多概念格的横向合并算法.电子学报[J].Vol.32,No.11,Nov 2004,pp.203-208.
[92]胡学钢,张玉红,唐志军,刘凡,郭亚光.一种新的概念格并行构造方法.合肥工业大学学报(自然科学版)[J].Vol.28 No.12,Dec.2005.pp.1523-1527.
[93]赵奕,施鹏飞,熊范纶.概念格递增修正关联规则挖掘方法.上海交通大学学报[J].Vol.34 No.5,May 2000,pp.684-687.
[94]杨丽.基于格蕴涵代数的格值概念格及其不确定性推理与决策研究.[D].西南交通大学,Jun 2010.
[95]毕强,滕广青.国外形式概念分析与概念格理论应用研究的前沿进展及热点分析[J],现代图书情报技术,No.11,2010,pp.17-23.
[96]Tonella P. Formal Concept Analysis in Software Engineering[A].In Proceedings of the 26th International Conference on Software Engineering [C], Washington DC, IEEE Computer Society,2004, pp.743-744.
[97]Schmitz C, Hotho A, et al. Mining Association Rules in Folksonomies.[EB/OL] [2010-10-14].
[98]Yadav B S. A Conceptual Model for User-centered Quality Information Retrieval on the World Wide Web [J].Journal of Intellignet Inmformation System, Vol.35 No.1,2010, pp.91-121.
[99]Peng X, Zhao W. An Incremental and FCA-based Ontology Construction Method for Semantics-based Component Retrieval [A]. Seventh International Conference on Quality Software (QSIC 2007) [C], IEEE Computer Society
[100]Takabi H, et al. An Efficient Similarity-Based Approach for Optimal Mining of Role Hierarchy.
[101]Poelmans J, Elzinga P, Biaene S, Dedene G. A case of using Formal Concept Analysis in combination with Self Organizing Maps for detecting domestic violence.
[102]魏达.移动IP网络中基于策略的QoS管理技术研究.[D]吉林大学,2008
[103]刘雪洁.移动IP网络中基于策略的QoS与动态资源管理研究.[D]吉林大学,2008
[104]胡海艳.基于概念格的动态策略存取模型.[D]吉林大学,2009
[105]董洁.基于概念格的动态策略存取机制.[D]吉林大学,2007
[106]李岩.动态策略选择与发布机制研究.[D]吉林大学,2010
[107]姜琳.基于概念格的策略分类与冲突检测研究.[D].吉林大学,2006
[108]刘晓敏.移动IP切换过程中冲突检测与消解的研究.[D].吉林大学,2007
[109]王旺.异构网络环境下策略冲突的快速检测与消解.[D]吉林大学,2010
[110]梅芳.基于策略的移动网络自主管理机制研究.[D]吉林大学,2010
[111]古天野.基于效用函数的移动IP切换策略冲突消解机制.[D]吉林大学,2010
[112]刘琥瑛.资源分配动态策略的自适应触发机制.[D]吉林大学,2010
[113]Moffet D, Sloman M. Policy Conflict Analysis in Distributed System Man agement [J]. Journal of Organizational Computing, Vol 4 No 1,1994, pp. 1-22.
[114]Lupu E, Sloman M. Conflict Analysis for Management Policies [A]. In Proc. of the 5th International Symposium on Integrated Management [C],1997, pp. 430-443.
[115]Lupu E, Sloman M. Conflicts in Policy-based Distributed Systems Management [J].IEEE Transactions on Software Engineering, Vol.25 No.6,1999, pp. 852-869.
[116]Dunlop N, Inlulska J, Raymond K. Dynamic Policy Model for Large Evolving Enterprises [A]. In Proc. of the Fifth IEEE International Enterprise Distributed Object Computing Conference(EDOC 2001) [C],2001, pp.193-197.
[117]Dunlop N, Inlulska J, Raymond K. Dynamic conflict detection in policy-based management systems [A]. In Proc. of the Sixth IEEE International Enterprise Distributed Object Computing Conference(EDOC 2002) [C],2002, pp.15-26.
[118]Dunlop N, Inlulska J, Raymond K. Methods for conflict resolution in policy-based management systems [A]. In Proc. of the Seventh IEEE International Enterprise Distributed Object Computing Conference(EDOC 2003) [C],2003, pp.98-109.
[119]Chomicki J, Lobo J, Naqvi S. A Logic Programming Approach to Conflict Resolution in Policy Management [A]. In Proc. of the Ninth International Conference of the Principles of Knowledge Representations and Reasing (KR 2000) [C],2000, pp.121-132.
[120]Chomicki J, Lobo J, Naqvi S. Conflict Resolution Using Logic Programming [A]. IEEE Transactions on Knowledge and Data Engineering (TKDE 2003) [C], 2003, pp.244-249.
[121]AI-Shaer E, Hamed H. Firewall policy advisor for anomaly detection and rule editing [A]. In Proc. of the Eighth IEEE/IFIP International Symposiu m on Integrated Network Management (IM 2009) [C],2009, pp.17-30.
[122]Al-Shaer E, Hamed H. Discovery of Pollicy Anomalies in Distributed Fire walls [A]. In Proc. of 23rd Conf. IEEE Communications Soc. (INFOCOM 2004) [C],2004, pp.2605-2616.
[123]Al-Shaer E, Hamed H. Modeling and Management of Firewall Policies [J].IEEE Transactions on Network and Service Management,2004, Vol 1 No 1, pp.2-10.
[124]Jajodia S, Samarati P, Sapino M, Subrahmanian V. Flexible support for m ultiple access control policies [A].ACM Transactions on Database Systems (TODS 2001) [C],2001, Vol 26No 2, pp.214-260.
[125]Wijesekera D, Jajodia S. A Propositional Policy Algebra for Access Control [A].ACM Transactions on Information and System Security (TISSEC 2003) [C], 2003, Vol 6 No 2, pp.286-325.
[126]焦素云,刘衍珩,魏达.基于分类概念格的动态策略存取模型.通信学报,Vol 32 No.2,Feb.2011,pp.27-33.
[127]Jiao S, Liu Y, Hu H, Wei D, Zhang Y. Dynamic policy access model based on formal concept analysis [A].2008 International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 2008) [C], Dalian, China, Oct 12-14,2008, pp.1-4. (EI 090111834080)
[128]Jiao S, Liu Y, Liu X, Wei D, Hu H. Mining correlated policy rules with concept lattice [A].2008 International Symposium on Computer Science and Computational Technology(ISCSCT 2008) [C], Shanghai, China, Dec 20-22, 2008, Vol 1, pp.644-647. (EI 20091211972055, ISTP BIX52)
[129]Jiao S, Liu Y, Qi X, Zhu Y, Wang J. Detecting Conflict Policy Rules With Concept Lattice [A].2009 International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 2009) [C], Beijing, China, Sep 24-26,2009, pp.1-4. (EI 20100112610473)
[130]余雪岗,刘衍珩,魏达.用于移动路径预测的混合Markov模型[J].通信学报,2006,27(12):61-69
[131]刘雪洁,刘衍珩,魏达.移动IP切换时资源分配动态策略生成机制研究[J].通信学报,2006,27(12):108-115
[132]曲开社,翟岩惠.偏序集、包含度与形式概念分析[J].计算机学报,2006,29(2):219-226
[133]Hari A, Suri S, Parulkar G. Detecting and resolving packet filter conflicts [A]. In Proc. of the 19th Annual Jiont Conference of IEEE Computer and Communications Societies (INFOCOM 2000) [C],2000, pp.1203-1213.
[134]Bandara et al. Using Argumenttation Logic for Firewall Policy Specification and Analysis [A]. In Proc. of the 17th IFIP/IEEE Distributed Systems:Operations and Management (DSOM 2006) [C],2006, pp.185-196.
[135]Al-Shaer E, Hamed H, Boutaba R, Hasan M. Conflict classification and a nalysis of distributed firewall policies [J].IEEE Journal on Selected Areas in Communications (JSAC),2005, Vol 23 No 10, pp.2069-2084.
[136]Zhang C C, Winslett M, Gunter C A. On the Safety and Efficiency of Fi rewall Policy Deployment [A]. In Proc. of IEEE Symposium on Security and Privacy (SP 2007) [C],2007, pp.33-50.
[137]Fu Z, Wu S, Huang H, Loh K, Gong F, Baldine I, Xu C. IPSec/VPN Se curity Policy:Correctness, Conflict Detection and Resolution [A]. In Proc. of the IEEE International Workshop on Policies for Distributed Systens a nd Networks (Policy 2001) [C],2001, pp.39-56.
[138]Yang Y, Martel C, Wu S. On building the minimum number of tunnesl:an ordered-split approach to manage IPSec/VPN policies [A]. In Proc. of the IEEE/IFIP Natwork Operations and management Symposium (NOMS2004) [C], 2004, pp.277-290.
[139]Lin C, Xue C, Zhitang L. Analysis and Classification of IPSec Security Policy Conflicts [A].In Proc. of Japan-China Joint Workshop on Frontier of Computer Science and Technology (FCST 2006) [C],2006, pp.83-88.
[140]Yang Y, Martel C, Wu S. CLID:A General Approach to validate security policies in a dynamic network [A].In Proc. of the 10th IEEE/IFIP International Symposium on Integrated Network Management (IM 2007) [C],2007, pp.1-10.
[141]Agrawal D, Giles J, Lee K W, Lobo J. Policy Ratification [A].In Proc. of the Sixth IEEE International Workshop on Policies for Distributed Syste ms and Networks (Policy 2005) [C],2005, pp.223-232.
[142]Bandara A K, Lupu E C, Russo A. Using Event Calculus to formalize policy specification and analysis [A].In Proc. of the 4th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2003) [C],2003, pp.1-4.
[143]Baliosian J, Serrat J. Finite State Transducers for Policy Evaluation and C onflict Resolution [A].In Proc. of the 5th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2004) [C],2004, pp.250-259.
[144]Vidales P, Baliosian J, Serrat J, Mapp G, Stajano F, Hopper A. Autonomic System for Mobility Support in 4G Networks [J].IEEE Journal on Selected Areas in Communications (JSAC),2005, Vol 23 No 12, pp.2288-2304.
[145]Charalambides M, Flegkas P, Pavlou G, Bandara A, Lupu E, Russo A, D ulay N, Sloman M, Rubio-Loyola J. Polilcy conflict analysis for quality o f service management [A].In Proc. of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2005) [C],200 5, pp.99-108.
[146]Kikuchi S, Tsuchiya S, Adachi M, Katsuyama T. Policy Verification and Validation Framework Based on Model Cheching Approach [A].In Proc.of the 4th International Conference on Autonomic Computing (ICAC 2007) [C],2007, pp.1-10.
[147]Kempter B, Danciu V. Generic Policy Conflict Handling Using a Priori Models [A].In Proc. of the 16th IFIP/IEEE Distributed Systems:Operations and Management (DSOM 2005) [C],2005, pp.84-96.
[148]Uszok A, Bradshaw J M, Jeffers R, Suri N, Hayes P, Breedy M R, Bunch L, Johnson M, Kulkarni S, Lot J. KAoS policy and domain services:Toward a description-logic approach to policy representation, deconfliction, and enforcement [A].In Proc. of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2003) [C],2003, pp.93-96.
[149]Campbell G A, Turner K J. Ontology to Support Call Control Policies [A].In Proc. of the 3rd Advanced International Conference on Telecommunications (AICT 2007) [C],2007, pp.18-28.
[150]Verlaenen K, Win B D, Joosen W. Towards simplified specification of pol icies in different domains [A].In Proc. of the 10th IEEE/IFIP International Symposium on Integrated Network Management (IM 2007) [C],2007, pp. 20-29.
[151]Kagal L, Finin T, Joshi A. A Policy Language for a Pervasive Computing Environment [A].In Proc. of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2003) [C],2003, pp.63-74.
[152]Kaviani et al. Exchanging Policies between Web Service Entities using Ru le Languages [A].In Proc. IEEE Congress in Services (Service 2007) [C], 2007, pp.57-64.
[153]Kaviani et al. Web Rule Languages to Carry Policies [A].In Proc. of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2007) [C],2007, pp.193-200.
[154]Verlaenen K, Win B D, Joosen W. Policy Analysis Using a Hybrid Semantic Reasoning Engine [A].In Proc. of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2007) [C],2007, pp. 188-192.
[155]姚键,茅兵,谢立.一种基于有向图模型的安全策略冲突检测方法[J].计算机研究与发展,2005,42(7):1108-1114
[156]Fong P.W.L. Relationship-Based Access Control:Protection Model and Pol icy Language[A]. Proceedings of the first ACM conference on Data and a pplication security and privacy (CODASPY'11) [C], New York, NY, USA, Feb 2011, pp.191-202.
[157]Kirkpatrick M S, Kerr S. Enforcing Physically Restricted Access Control f or Remote Data [A]. Proceedings of the first ACM conference on Data a nd application security and privacy (CODASPY'11) [C], New York, NY, USA, Feb 2011, pp.203-212.
[158]Jafari M, Fong, P W L, Safavi-Naini R, Barker K. Towards Defining Sem antic Foundations for Purpose-Based Privacy Policies [A]. Proceedings of t he first ACM conference on Data and application security and privacy ( CODASPY'11) [C], February 21-23,2011, San Antonio, Texas, USA,pp.2 13-224.
[159]Ni Q, Xu S H, Bertino E, Sandhu R, Han W L. An Access Control Lan guage for a General Provenance Model [A].The Ninth SIAM International Conference on Data Mining (SDM 2009) [C], Nevada, USA,April 30-Ma y 2,2009, pp.68-88.
[160]Cadenhead T, Khadilkar V, Murat Kantarcioglu M, Thuraisingham T.A lan guage for provenance access control [A]. Proceedings of the first ACM c onference on Data and application security and privacy (CODASPY'11) [C], New York, NY, USA,Feb 2011, pp.133-144.
[161]Mouelhi T, Fleurey F, Baudry B. A Generic Metamodel For Security Poli cies Mutation [A]. Proceedings of the 2008 IEEE International Conference on Software Testing Verification and Validation Workshop(ICSTW'08) [C], IEEE Computer Society Washington, DC, USA, April 09-11,2008, pp. 278-286.
[162]Song E, France R, Ray I.Checking Policy Enforcement in an Access Cont rol Aspect Model[J].the Journal of Information, Special Issue on Converge nce Computing, Vol.11, No.5,September 2008, pp.1-10.
[163]Barker S. The next 700 access control models or a unifying meta-model? [A].Proceedings of the 14th ACM symposium on Access control models and technologies(SACMAT'09) [C], New York, NY, USA, June 2009, pp. 187-196.
[164]Saffarian M, Sadighi B. Owner-Based Role-Based Access Control OB-RB AC [A]. In:International Conference on Availability, Reliability, and Secur ity, ARES 2010[C], Krakow, Poland, Feb 15-18,2010, pp.236-241.
[165]Traon Y L, Mouelhi T. Language-Specific vs. Language-Independent Appr oaches:Embedding Semantics on a Metamodel for Testing and Verifying Access Control Policies [A]. Proceedings of the 2010 Third International Conference on Software Testing, Verification, and Validation Workshops(IC STW'10) [C], EEE Computer Society Washington, DC, USA, July 2010, pp.72-79.
[166]Slimani N, Khambhammettu H, Adi K, Logrippo L.UACML:Unified Ace ess Control Modeling Language [A].4th IFIP International Conference on New Technologies, Mobility and Security (NTMS'2011) [C], QC, Canada, Feb 2011, pp.1-16.
[167]Ferraiolo D, Atluri V, Gavrila S.The Policy Machine:A novel architecture and framework for access control policy specification and enforcement [J]. Jo urnal of Systems Architecture, Volume 57, Issue 4, April 2011, Pages 412-424.
[168]Tripunitara M. V, Carbunar B. Efficient Access Enforcement in Distribute d Role-Based Access Control (RBAC) Deployments [A] Proceedings of th e 14th ACM symposium on Access control models and technologies(SAC MAT'09) [C], Stresa, Italy, June 3-5,2009, pp.155-164.
[169]Jahid S, Gunter.A. MyABDAC:compiling XACML policies for attribute-based database access control [A]. Proceedings of the first ACM conferen ce on Data and application security and privacy (CODASPY'11) [C], Ne w York, NY, USA,Feb 2011, pp.97-108.
[170]Komlenovic M, Tripunitara M, Zitouni T.An Empirical Assessment of App roaches to Distributed Enforcement in Role-Based Access Control (RBAC) [A]. Proceedings of the first ACM conference on Data and application sec urity and privacy (CODASPY'11) [C], New York, NY, USA,Feb 2011, p p.121-132.
[171]Layouni A F, Logrippo L, Turner K J. Conflict Detection in Call Control Using First-Order Logic Model Checking [A].Proceedings of the 9th Inter national Conference on Feature Interactions in Software and Communicatio ns (ICFI 2007) [C], IOS Press, Amsterdam, May 2008, pp.66-82.
[172]Adi K, Bouzida Y, Hattak I, Logrippo L, Mankovskii S. Typing for Confl ict Detection in Access Control Policies [A]. Proc. of the 4th Intern. Conf. MCETECH 2009 (Ottawa, May 2009) [C], Lecture Notes in Business Inf ormation Processing (LNBIP 26), Springer,2009, PP.212-226.
[173]Bernard Stepien B, Matwin S, Felty A. Strategies for Reducing Risks of I nconsistencies in Access Control Policies [A]. In Proceedings of the Fifth International Conference on Availability, Reliability, and Security (ARES 2010) [C], Krakow, Poland, Feb 15-18,2010, pp.140-147.
[174]Shaikh R A, Adi K, Logrippo L, Mankovski S.Inconsistency Detection Me thod for Access Control Policies [A].IEEE sixth International Conference on Information Assurance and Security (IAS 2010) [C], Atlanta, Aug.201 0, pp.204-209.
[175]Shaikh R A, Adi K, Logrippo L, Mankovski S.Detecting Incompleteness i n Access Control Policies Using Data Classification Schemes [A]. In Proc. ICDIM 2010 [C], Aug,2010, pp.417-422.
[176]Ren Y, Cheng F Q, Peng Z Y, Huang X T, Song W. A privacy policy c onflict detection method for multi-owner privacy data protection [J]. Electr onic Commerce Research, Vol 11, NO 1, Jan 2011, pp.103-121.
[2]ISO/IEC 10040-1998.Information technology-Open Systems Interconnection-Systems management overview. [S].1998.
[3]RFC 1155-1990. Structure and Identification of Management Information for TCP/IP based internets.[S].1990.
[4]RFC 1156-1990.Management Information Base Network.[S].1990.
[5]RFC 1157-1990.A Simple Network Management Protocol.[S].1990.
[6]RFC 1441-1993.Introductionto SNMP v2.[S].1993.
[7]RFC 2578-1999.Structure of Management Information for SNMP v2.[S].1999.
[8]RFC 2579-1999.Textual Conventions for SNMP v2.[S].1999.
[9]RFC 2580-1999.Conformance Statements for SNMP v2.[S].1999.
[10]RFC 3410-2002.Introduction and Applicability Statements for Internet Standard Management Framework.[S].2002.
[11]RFC 3411-2002. An Architecture for Describing SNMP Frameworks. [S].2002.
[12]RFC 3412-2002.Message Processing and Dispatching for the SNMP. [S].2002.
[13]RFC 3413-2002. SNMP Applications. [S].2002.
[14]RFC 3414-2002. User-based Security Model (USM) for SNMP v3.[S].2002.
[15]RFC 3415-2002. View-based Access Control Model for the SNMP.[S].2002.
[16]RFC 3416-2002. Protocol Operations for SNMP v2.[S].2002.
[17]RFC 3417-2002. Transport Mappings for SNMP v2.[S].2002.
[18]RFC 3418-2002. Management Information Base for SNMP v2.[S].2002.
[19]RFC 3584-2003. Coexistence between SNMP v1, v2 and v3.[S].2003.
[20]McCloghrie, K., and M. Rose. Management Information Base for Network Management of TCP/IP-based internets. RFC 1066, TWG, August 1998.
[21]http://www.dmtf.org/standards/cim
[22]http://www.rational.com/uml.
[23]Lee Y T. Information modeling:from design to implementation. National Institute of Standards and Technology,1999, pp.1-8.
[24]RFC 3444-2003. On The Difference between Information Models and Data. [S].2003.
[25]International Organiazation for Standardization. Information processing systems-Opne Systems Interconnection-Specification of Abstrace Syntax Notation One (ASN.1). International Standard 8824[S].1987.
[26]McCloghrie K, Perkins D, Schoenwaelder J. Structure of Management Information Version 2(SMIv2). STD 58, RFC 2578, April 1999.
[27]RFC 3159-2001. Structure of Policy Provisioning Information. [S].2001.
[28]International Telecommunication Union. Information technology-Open Systems Interconnection-Structure of Management Information:Guidelines for the Definition of Managed Objects. Recommentation X.722,1992.
[29]Distributed Management Task Force. Common Information Model Specification Version 2.2. DSP 0004, June 1999.
[30]RFC 3780-2004. SMIng-Nextt Generation Structure of Management Information.[S].2004.
[31]RFC 3781-2004. Nextt Generation Structure of Management Information-Mappings to the Simple Network Management Protocol.[S].2004.
[32]SMIng Working Group. SMIng Mappings to COPS-PR. draft-ietf-sming-copspr-OO.txt, Feb 2001.
[33]PIN P, CHEN S. The Entity-Relationship Model-Towards a Unified View of Data. In:ACM Transactions on database Systems, Vol.1, No.1, March,1976, pp.9-36.
[34]D. Appleton Company, Inc., "Integrated Information Support System: Information Modeling Manual, IDEF1-Extended (IDEF1X)," ICAM Project Priority 6201,Subcontract #013-078846, USAF Prime Contract#F33615-80-C-5155, Wright-Patterson Air Force Base,Ohio, December, 1985.
[35]ISO 10303-11:1994(E), Industrial Automation Systems and Integration-Product Data Representation and Exchange-Part 11:The EXPRESS Language Reference Manual.
[36]Schenck D, Wilson, P. "Information Modeling the EXPRESS Way[M].Oxford University Press, New York, NY,1994.
[37]Taberer J. What Is RDF. http://www.xml.com/pub/a/2001/01/24/rdf.htmlRDF.July 26,2006.
[38]http://www.w3.org/TR/2004/REC-owl-features-20040210/
[39]Strassner J. Policy Based Network Management. Morgan Kaufman[M].ISBN 1-55860-859-1.2003.
[40]http://www.tmforum.org/BestPracticesStandards/InformationFramework/1684/H ome.html
[41]Strassner J. Directory Enabled Networks. Macmillan Technical Publishing[M].ISBN 1-57870-140-6.
[42]Strassner J. DEN-ng:achieving business-driven network management [M].Network Operations and Management Symposium, August,2002. pp. 753-756.
[43]Model Driven Architecture-A Technical Perspective. http://www.omg.org/cgi-bin/doc?ormsc/2001-07-01
[44]Developing in OMG/s Model Driven Architecture. ftp://ftp.omg.org/pub/docs/omg/01-12-01.pdf
[45]Steven Davy B A. Harnessing Information Models and Ontologies for Policy Conflict Analysis [D]. Waterford Institute of Technology, September 2008.
[46]TMF. GB921:eTOM-the Business Process Framework, version 3.5, July 2003.
[47]TMF. GB922:Shared Information/Data Model:Concepts, Principles, and Business Entities, July 2003.
[48]TMF. The NGOSS Securith Principles, June 2003
[49]TMF. Shared Information/Data Model-Addendum 1-PQL, Common Business Entities Definitions-Policy, v1.0, July 2003.
[50]RFC 3318-2003. Framework policy information base.[S].2003.
[51]Bell D, et al. Secure computer systems:Mathematical foundations. Technical report esd-tr-278, MITRE Corporation, Bedford, MA,1973
[52]Moffett D, Sloman M. The representation of policies as system objects [A]. In Proceedings of the Conference on Organizational Computer Systems (COCS) [C], Atlanta, Georgia, Nov 1991, pp.171-184,
[53]Moffett D, Sloman M. Policy hierarchies for distributed systems management [J]. IEEE Journal on Selected Areas in Communications, Special Issue on Network Management,1993.Vol 11, pp.1404-14.
[54]RFC 3198-2001. Terminology for Policy-Based Management. [S].2001.
[55]RFC 3060-2001.Policy core information model.[S].2001.
[56]RFC 3460-2003. Policy core information model extensions. [S].2003.
[57]RFC 3644-2003. Policy Quality of Service (QoS) Information Model. [S].2003.
[58]RFC 3585-2003. IPsec Configuration Policy Information Model. [S].2003.
[59]Ferraiolo D, Kuhn R. Role-based access controls [A]. In 15th NIST-NCSC National Computer Security Conference [C],1992, pp 554-563.
[60]Damianou N, Dulay N, Lupu E, Sloman M. The ponder policy specification language [A]. In POLICY'01:Proceedings of the International Workshop on Policies for Distributed Systems and Networks [C], London, UK,2001, pp 18-38.
[61]Godik S, Moses Tim. eXtensible Access Control Markup Language (XACML) version 1.0. OASIS Standard Document identifier:oasis-xacml-1.0.pdf, OASIS, XACML Technical Committee,18 February 2003.
[62]Anderson A. A Brief Introduction to XACML. Posted to the XACML TC mailing list,14 March 2003.
[63]Bajaj S, et al. Web Service Policy Framework (WS-Policy), March 2006, Version 1.2. http://specs.xmlsoap.org/ws/2004/09/ws-policy.pdf
[64]Bray T, et al. Extensible Markup Language(XML) 1.0 (Fifth Edition). W3C Recommendation.26 November 2008. http://www.w3.org.XML/Core/
[65]Kagal L, Finin T, Joshi A. A Policy Language for a Pervasive Computing Environment [A]. IEEE 4th International Workshop on Policies for Distributed Systems and Networks [C], June 2003, pp.63-74.
[66]Delcourt B A, et al. The KAOS project:Knowledge acquisition in automated specification of software [A]. In AAAI Spring Symposium Series, Track: "design of Composite Systems" [C], Stanford University, Mar 1991, pp 59-62.
[67]Darimont R, et al. Formal refinement patterns for goal-driven requirements elaboration [A]. In SIGSOFT'96:Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering [C], New York, NY, USA, 1996, pp.179-190.
[68]RFC 2748-2000. The COPS(Common Open Policy Service) Protocol.[S].2000
[69]Wong A, Ray P, Parameswaran N, Strassner J. Ontology mapping for the interoperability problem in network management [J]. IEEE Journal on Selected Areas in Communicaions, JSAC, vol.23 no.10, pp.2058-2068.
[70]Baader F, Horrocks I, Sattler U. Deschription Logics [M]. In Frank van Harmelen, Mladimir Lifschitz, and Bruce Porter, editors, Handbook of Knowledge Reprisentation. Elsevier,2007.
[71]http://www.comlab.ox.ac.uk/people/ian.horrocks/Publications/complete.html
[72]Horrocks I. A Comparison of Two Terminological Knowledge Representation Systems [D]. University of Manchester,1995.
[73]Horrocks I. Optimising Tableaux Decision Procedures for Description Logics [D]. University of Manchester,1997.
[74]Horrocks I. Ontologies and the semantic web [J]. Communications of the ACM, Vol.51 No.12, Dec 2008, pp.58-67.
[75]Horrocks I, Sattler U. A Tableau Decision Procedure for SHOIQ [J]. Journal of Automated Reasoning, Vol.39 No.3,2007, pp.249-276.
[76]Horrocks I,et al. OWL Rules:A Proposal and Prototype Implementation [J]. Journal of Web Semantics, Vol.3 No.1,2005, pp.23-40.
[77]Horrocks I, et al. Reducing OWL entailment to description logic satisfiability [J]. Journal of Web Semantics, Vol.1 No.4,2004, pp.345-357.
[78]Horrocks I, et al. From SHIQ and RDF to OWL:The Making of a Web Ontology Language [J]. Journal of Web Semantics, Vol.1 No.1,2003, pp.7-26.
[79]Horrocks I, et al. Evaluating Optimised Decision Procedures for Propositional Modal K(m) Satisfiability [J]. Journal of Automated Reasoning, Vol.28 No.2, Feb 2002,pp.173-204.
[80]Horrocks I, et al. Practical Reasoning for Very Expressive Description Logics [J]. Logic Journal of the IGPL, Vol.8 No.3,2000, pp.239-264.
[81]Horrocks I, et al. A Description Logic with Transitive and Inverse Roles and Role Hierarchies [J]. Journal of Logic and Computation, Vol.9 No.3,1999, pp. 385-410.
[82]Horrocks I, et al. Patel-Schneider. Optimizing Description Logic Subsumption [J]. Journal of Logic and Computation, Vol.9 No.3,1999, pp.267-293.
[83]王若瞳,张辉,杨家海,黄桂奋.P2P网络管理系统信息模型的设计与实现.[J]通信学报,vol.31 no.1,Jan,2010,pp.85-91.
[84]谢俊,石东源,段献忠.基于本体技术的IEC 6190语义信息模型.[J]电网技术,vo1.32,no.1,Jan 2008,pp.88-92.
[85]钱焕延,周宁.基本本体的网络管理信息模型映射方法.[J]计算机应用,vo1.30,no.10,Feb 2010,pp.2838-2842.
[86]秦伟俊.基于本体的智能空间情境信息模型研究.[D].清华大学,Dec,2005.
[87]高志鹏.基于本体的共享管理信息建模方法、模型及其应用.[D].北京邮电大学,Jun,2007.
[88]Ganter B, Wille R. Formal Concept Analysis:Mathematical Foundations [M]. Berlin:Springer-Verlag,1999, pp.51-71.
[89]谢志鹏,刘宗田.概念格的快速渐进式构造算法.计算机学报[J].vol 25 no.5,pp.490-496
[90]缑锦,叶东毅.基于概念格的求所有绝对属性约简的一个算法.福州大学学报(自然科学版)[J].Vol.30 No.3,Jun.2002,pp.298-300.
[91]李云,刘宗田,陈,徐晓华,程伟.多概念格的横向合并算法.电子学报[J].Vol.32,No.11,Nov 2004,pp.203-208.
[92]胡学钢,张玉红,唐志军,刘凡,郭亚光.一种新的概念格并行构造方法.合肥工业大学学报(自然科学版)[J].Vol.28 No.12,Dec.2005.pp.1523-1527.
[93]赵奕,施鹏飞,熊范纶.概念格递增修正关联规则挖掘方法.上海交通大学学报[J].Vol.34 No.5,May 2000,pp.684-687.
[94]杨丽.基于格蕴涵代数的格值概念格及其不确定性推理与决策研究.[D].西南交通大学,Jun 2010.
[95]毕强,滕广青.国外形式概念分析与概念格理论应用研究的前沿进展及热点分析[J],现代图书情报技术,No.11,2010,pp.17-23.
[96]Tonella P. Formal Concept Analysis in Software Engineering[A].In Proceedings of the 26th International Conference on Software Engineering [C], Washington DC, IEEE Computer Society,2004, pp.743-744.
[97]Schmitz C, Hotho A, et al. Mining Association Rules in Folksonomies.[EB/OL] [2010-10-14].
[98]Yadav B S. A Conceptual Model for User-centered Quality Information Retrieval on the World Wide Web [J].Journal of Intellignet Inmformation System, Vol.35 No.1,2010, pp.91-121.
[99]Peng X, Zhao W. An Incremental and FCA-based Ontology Construction Method for Semantics-based Component Retrieval [A]. Seventh International Conference on Quality Software (QSIC 2007) [C], IEEE Computer Society
[100]Takabi H, et al. An Efficient Similarity-Based Approach for Optimal Mining of Role Hierarchy.
[101]Poelmans J, Elzinga P, Biaene S, Dedene G. A case of using Formal Concept Analysis in combination with Self Organizing Maps for detecting domestic violence.
[102]魏达.移动IP网络中基于策略的QoS管理技术研究.[D]吉林大学,2008
[103]刘雪洁.移动IP网络中基于策略的QoS与动态资源管理研究.[D]吉林大学,2008
[104]胡海艳.基于概念格的动态策略存取模型.[D]吉林大学,2009
[105]董洁.基于概念格的动态策略存取机制.[D]吉林大学,2007
[106]李岩.动态策略选择与发布机制研究.[D]吉林大学,2010
[107]姜琳.基于概念格的策略分类与冲突检测研究.[D].吉林大学,2006
[108]刘晓敏.移动IP切换过程中冲突检测与消解的研究.[D].吉林大学,2007
[109]王旺.异构网络环境下策略冲突的快速检测与消解.[D]吉林大学,2010
[110]梅芳.基于策略的移动网络自主管理机制研究.[D]吉林大学,2010
[111]古天野.基于效用函数的移动IP切换策略冲突消解机制.[D]吉林大学,2010
[112]刘琥瑛.资源分配动态策略的自适应触发机制.[D]吉林大学,2010
[113]Moffet D, Sloman M. Policy Conflict Analysis in Distributed System Man agement [J]. Journal of Organizational Computing, Vol 4 No 1,1994, pp. 1-22.
[114]Lupu E, Sloman M. Conflict Analysis for Management Policies [A]. In Proc. of the 5th International Symposium on Integrated Management [C],1997, pp. 430-443.
[115]Lupu E, Sloman M. Conflicts in Policy-based Distributed Systems Management [J].IEEE Transactions on Software Engineering, Vol.25 No.6,1999, pp. 852-869.
[116]Dunlop N, Inlulska J, Raymond K. Dynamic Policy Model for Large Evolving Enterprises [A]. In Proc. of the Fifth IEEE International Enterprise Distributed Object Computing Conference(EDOC 2001) [C],2001, pp.193-197.
[117]Dunlop N, Inlulska J, Raymond K. Dynamic conflict detection in policy-based management systems [A]. In Proc. of the Sixth IEEE International Enterprise Distributed Object Computing Conference(EDOC 2002) [C],2002, pp.15-26.
[118]Dunlop N, Inlulska J, Raymond K. Methods for conflict resolution in policy-based management systems [A]. In Proc. of the Seventh IEEE International Enterprise Distributed Object Computing Conference(EDOC 2003) [C],2003, pp.98-109.
[119]Chomicki J, Lobo J, Naqvi S. A Logic Programming Approach to Conflict Resolution in Policy Management [A]. In Proc. of the Ninth International Conference of the Principles of Knowledge Representations and Reasing (KR 2000) [C],2000, pp.121-132.
[120]Chomicki J, Lobo J, Naqvi S. Conflict Resolution Using Logic Programming [A]. IEEE Transactions on Knowledge and Data Engineering (TKDE 2003) [C], 2003, pp.244-249.
[121]AI-Shaer E, Hamed H. Firewall policy advisor for anomaly detection and rule editing [A]. In Proc. of the Eighth IEEE/IFIP International Symposiu m on Integrated Network Management (IM 2009) [C],2009, pp.17-30.
[122]Al-Shaer E, Hamed H. Discovery of Pollicy Anomalies in Distributed Fire walls [A]. In Proc. of 23rd Conf. IEEE Communications Soc. (INFOCOM 2004) [C],2004, pp.2605-2616.
[123]Al-Shaer E, Hamed H. Modeling and Management of Firewall Policies [J].IEEE Transactions on Network and Service Management,2004, Vol 1 No 1, pp.2-10.
[124]Jajodia S, Samarati P, Sapino M, Subrahmanian V. Flexible support for m ultiple access control policies [A].ACM Transactions on Database Systems (TODS 2001) [C],2001, Vol 26No 2, pp.214-260.
[125]Wijesekera D, Jajodia S. A Propositional Policy Algebra for Access Control [A].ACM Transactions on Information and System Security (TISSEC 2003) [C], 2003, Vol 6 No 2, pp.286-325.
[126]焦素云,刘衍珩,魏达.基于分类概念格的动态策略存取模型.通信学报,Vol 32 No.2,Feb.2011,pp.27-33.
[127]Jiao S, Liu Y, Hu H, Wei D, Zhang Y. Dynamic policy access model based on formal concept analysis [A].2008 International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 2008) [C], Dalian, China, Oct 12-14,2008, pp.1-4. (EI 090111834080)
[128]Jiao S, Liu Y, Liu X, Wei D, Hu H. Mining correlated policy rules with concept lattice [A].2008 International Symposium on Computer Science and Computational Technology(ISCSCT 2008) [C], Shanghai, China, Dec 20-22, 2008, Vol 1, pp.644-647. (EI 20091211972055, ISTP BIX52)
[129]Jiao S, Liu Y, Qi X, Zhu Y, Wang J. Detecting Conflict Policy Rules With Concept Lattice [A].2009 International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 2009) [C], Beijing, China, Sep 24-26,2009, pp.1-4. (EI 20100112610473)
[130]余雪岗,刘衍珩,魏达.用于移动路径预测的混合Markov模型[J].通信学报,2006,27(12):61-69
[131]刘雪洁,刘衍珩,魏达.移动IP切换时资源分配动态策略生成机制研究[J].通信学报,2006,27(12):108-115
[132]曲开社,翟岩惠.偏序集、包含度与形式概念分析[J].计算机学报,2006,29(2):219-226
[133]Hari A, Suri S, Parulkar G. Detecting and resolving packet filter conflicts [A]. In Proc. of the 19th Annual Jiont Conference of IEEE Computer and Communications Societies (INFOCOM 2000) [C],2000, pp.1203-1213.
[134]Bandara et al. Using Argumenttation Logic for Firewall Policy Specification and Analysis [A]. In Proc. of the 17th IFIP/IEEE Distributed Systems:Operations and Management (DSOM 2006) [C],2006, pp.185-196.
[135]Al-Shaer E, Hamed H, Boutaba R, Hasan M. Conflict classification and a nalysis of distributed firewall policies [J].IEEE Journal on Selected Areas in Communications (JSAC),2005, Vol 23 No 10, pp.2069-2084.
[136]Zhang C C, Winslett M, Gunter C A. On the Safety and Efficiency of Fi rewall Policy Deployment [A]. In Proc. of IEEE Symposium on Security and Privacy (SP 2007) [C],2007, pp.33-50.
[137]Fu Z, Wu S, Huang H, Loh K, Gong F, Baldine I, Xu C. IPSec/VPN Se curity Policy:Correctness, Conflict Detection and Resolution [A]. In Proc. of the IEEE International Workshop on Policies for Distributed Systens a nd Networks (Policy 2001) [C],2001, pp.39-56.
[138]Yang Y, Martel C, Wu S. On building the minimum number of tunnesl:an ordered-split approach to manage IPSec/VPN policies [A]. In Proc. of the IEEE/IFIP Natwork Operations and management Symposium (NOMS2004) [C], 2004, pp.277-290.
[139]Lin C, Xue C, Zhitang L. Analysis and Classification of IPSec Security Policy Conflicts [A].In Proc. of Japan-China Joint Workshop on Frontier of Computer Science and Technology (FCST 2006) [C],2006, pp.83-88.
[140]Yang Y, Martel C, Wu S. CLID:A General Approach to validate security policies in a dynamic network [A].In Proc. of the 10th IEEE/IFIP International Symposium on Integrated Network Management (IM 2007) [C],2007, pp.1-10.
[141]Agrawal D, Giles J, Lee K W, Lobo J. Policy Ratification [A].In Proc. of the Sixth IEEE International Workshop on Policies for Distributed Syste ms and Networks (Policy 2005) [C],2005, pp.223-232.
[142]Bandara A K, Lupu E C, Russo A. Using Event Calculus to formalize policy specification and analysis [A].In Proc. of the 4th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2003) [C],2003, pp.1-4.
[143]Baliosian J, Serrat J. Finite State Transducers for Policy Evaluation and C onflict Resolution [A].In Proc. of the 5th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2004) [C],2004, pp.250-259.
[144]Vidales P, Baliosian J, Serrat J, Mapp G, Stajano F, Hopper A. Autonomic System for Mobility Support in 4G Networks [J].IEEE Journal on Selected Areas in Communications (JSAC),2005, Vol 23 No 12, pp.2288-2304.
[145]Charalambides M, Flegkas P, Pavlou G, Bandara A, Lupu E, Russo A, D ulay N, Sloman M, Rubio-Loyola J. Polilcy conflict analysis for quality o f service management [A].In Proc. of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2005) [C],200 5, pp.99-108.
[146]Kikuchi S, Tsuchiya S, Adachi M, Katsuyama T. Policy Verification and Validation Framework Based on Model Cheching Approach [A].In Proc.of the 4th International Conference on Autonomic Computing (ICAC 2007) [C],2007, pp.1-10.
[147]Kempter B, Danciu V. Generic Policy Conflict Handling Using a Priori Models [A].In Proc. of the 16th IFIP/IEEE Distributed Systems:Operations and Management (DSOM 2005) [C],2005, pp.84-96.
[148]Uszok A, Bradshaw J M, Jeffers R, Suri N, Hayes P, Breedy M R, Bunch L, Johnson M, Kulkarni S, Lot J. KAoS policy and domain services:Toward a description-logic approach to policy representation, deconfliction, and enforcement [A].In Proc. of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2003) [C],2003, pp.93-96.
[149]Campbell G A, Turner K J. Ontology to Support Call Control Policies [A].In Proc. of the 3rd Advanced International Conference on Telecommunications (AICT 2007) [C],2007, pp.18-28.
[150]Verlaenen K, Win B D, Joosen W. Towards simplified specification of pol icies in different domains [A].In Proc. of the 10th IEEE/IFIP International Symposium on Integrated Network Management (IM 2007) [C],2007, pp. 20-29.
[151]Kagal L, Finin T, Joshi A. A Policy Language for a Pervasive Computing Environment [A].In Proc. of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2003) [C],2003, pp.63-74.
[152]Kaviani et al. Exchanging Policies between Web Service Entities using Ru le Languages [A].In Proc. IEEE Congress in Services (Service 2007) [C], 2007, pp.57-64.
[153]Kaviani et al. Web Rule Languages to Carry Policies [A].In Proc. of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2007) [C],2007, pp.193-200.
[154]Verlaenen K, Win B D, Joosen W. Policy Analysis Using a Hybrid Semantic Reasoning Engine [A].In Proc. of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2007) [C],2007, pp. 188-192.
[155]姚键,茅兵,谢立.一种基于有向图模型的安全策略冲突检测方法[J].计算机研究与发展,2005,42(7):1108-1114
[156]Fong P.W.L. Relationship-Based Access Control:Protection Model and Pol icy Language[A]. Proceedings of the first ACM conference on Data and a pplication security and privacy (CODASPY'11) [C], New York, NY, USA, Feb 2011, pp.191-202.
[157]Kirkpatrick M S, Kerr S. Enforcing Physically Restricted Access Control f or Remote Data [A]. Proceedings of the first ACM conference on Data a nd application security and privacy (CODASPY'11) [C], New York, NY, USA, Feb 2011, pp.203-212.
[158]Jafari M, Fong, P W L, Safavi-Naini R, Barker K. Towards Defining Sem antic Foundations for Purpose-Based Privacy Policies [A]. Proceedings of t he first ACM conference on Data and application security and privacy ( CODASPY'11) [C], February 21-23,2011, San Antonio, Texas, USA,pp.2 13-224.
[159]Ni Q, Xu S H, Bertino E, Sandhu R, Han W L. An Access Control Lan guage for a General Provenance Model [A].The Ninth SIAM International Conference on Data Mining (SDM 2009) [C], Nevada, USA,April 30-Ma y 2,2009, pp.68-88.
[160]Cadenhead T, Khadilkar V, Murat Kantarcioglu M, Thuraisingham T.A lan guage for provenance access control [A]. Proceedings of the first ACM c onference on Data and application security and privacy (CODASPY'11) [C], New York, NY, USA,Feb 2011, pp.133-144.
[161]Mouelhi T, Fleurey F, Baudry B. A Generic Metamodel For Security Poli cies Mutation [A]. Proceedings of the 2008 IEEE International Conference on Software Testing Verification and Validation Workshop(ICSTW'08) [C], IEEE Computer Society Washington, DC, USA, April 09-11,2008, pp. 278-286.
[162]Song E, France R, Ray I.Checking Policy Enforcement in an Access Cont rol Aspect Model[J].the Journal of Information, Special Issue on Converge nce Computing, Vol.11, No.5,September 2008, pp.1-10.
[163]Barker S. The next 700 access control models or a unifying meta-model? [A].Proceedings of the 14th ACM symposium on Access control models and technologies(SACMAT'09) [C], New York, NY, USA, June 2009, pp. 187-196.
[164]Saffarian M, Sadighi B. Owner-Based Role-Based Access Control OB-RB AC [A]. In:International Conference on Availability, Reliability, and Secur ity, ARES 2010[C], Krakow, Poland, Feb 15-18,2010, pp.236-241.
[165]Traon Y L, Mouelhi T. Language-Specific vs. Language-Independent Appr oaches:Embedding Semantics on a Metamodel for Testing and Verifying Access Control Policies [A]. Proceedings of the 2010 Third International Conference on Software Testing, Verification, and Validation Workshops(IC STW'10) [C], EEE Computer Society Washington, DC, USA, July 2010, pp.72-79.
[166]Slimani N, Khambhammettu H, Adi K, Logrippo L.UACML:Unified Ace ess Control Modeling Language [A].4th IFIP International Conference on New Technologies, Mobility and Security (NTMS'2011) [C], QC, Canada, Feb 2011, pp.1-16.
[167]Ferraiolo D, Atluri V, Gavrila S.The Policy Machine:A novel architecture and framework for access control policy specification and enforcement [J]. Jo urnal of Systems Architecture, Volume 57, Issue 4, April 2011, Pages 412-424.
[168]Tripunitara M. V, Carbunar B. Efficient Access Enforcement in Distribute d Role-Based Access Control (RBAC) Deployments [A] Proceedings of th e 14th ACM symposium on Access control models and technologies(SAC MAT'09) [C], Stresa, Italy, June 3-5,2009, pp.155-164.
[169]Jahid S, Gunter.A. MyABDAC:compiling XACML policies for attribute-based database access control [A]. Proceedings of the first ACM conferen ce on Data and application security and privacy (CODASPY'11) [C], Ne w York, NY, USA,Feb 2011, pp.97-108.
[170]Komlenovic M, Tripunitara M, Zitouni T.An Empirical Assessment of App roaches to Distributed Enforcement in Role-Based Access Control (RBAC) [A]. Proceedings of the first ACM conference on Data and application sec urity and privacy (CODASPY'11) [C], New York, NY, USA,Feb 2011, p p.121-132.
[171]Layouni A F, Logrippo L, Turner K J. Conflict Detection in Call Control Using First-Order Logic Model Checking [A].Proceedings of the 9th Inter national Conference on Feature Interactions in Software and Communicatio ns (ICFI 2007) [C], IOS Press, Amsterdam, May 2008, pp.66-82.
[172]Adi K, Bouzida Y, Hattak I, Logrippo L, Mankovskii S. Typing for Confl ict Detection in Access Control Policies [A]. Proc. of the 4th Intern. Conf. MCETECH 2009 (Ottawa, May 2009) [C], Lecture Notes in Business Inf ormation Processing (LNBIP 26), Springer,2009, PP.212-226.
[173]Bernard Stepien B, Matwin S, Felty A. Strategies for Reducing Risks of I nconsistencies in Access Control Policies [A]. In Proceedings of the Fifth International Conference on Availability, Reliability, and Security (ARES 2010) [C], Krakow, Poland, Feb 15-18,2010, pp.140-147.
[174]Shaikh R A, Adi K, Logrippo L, Mankovski S.Inconsistency Detection Me thod for Access Control Policies [A].IEEE sixth International Conference on Information Assurance and Security (IAS 2010) [C], Atlanta, Aug.201 0, pp.204-209.
[175]Shaikh R A, Adi K, Logrippo L, Mankovski S.Detecting Incompleteness i n Access Control Policies Using Data Classification Schemes [A]. In Proc. ICDIM 2010 [C], Aug,2010, pp.417-422.
[176]Ren Y, Cheng F Q, Peng Z Y, Huang X T, Song W. A privacy policy c onflict detection method for multi-owner privacy data protection [J]. Electr onic Commerce Research, Vol 11, NO 1, Jan 2011, pp.103-121.