Research on Key Technologies of Policy-Based Access Control
Abstract
Access control is an important technology underpinning information system security and is used in security protection of every kind of system. Existing access control techniques, because of limitations in how their constraint conditions are configured and managed and restrictions in their enforcement mechanisms, fall well short in the flexibility, adaptability and integrated control of session management. Exploring access control methods with a new kind of control mechanism therefore has significant theoretical and practical value.
     Starting from the adaptability, flexibility and multi-policy support needed to control system session requests, a policy-based access control model, PBAC (Policy-based Access Control), is constructed. The model has a basic model and an extended model. In the basic model, to improve the adaptability of session entity management, a reconfigurable object description technique is used to manage session entities uniformly. The basic model also abolishes permission configuration on session subjects: the basic access control pattern of constraining a session request by the permissions its subject holds is replaced by a unified description of session-related attributes, so that every characteristic of a session is subject to constraint management. In addition, instead of describing policy indirectly through permissions and other constraint conditions, as existing access control models do, the basic model defines an independent policy description and management mechanism, which makes access control policies easier to manage flexibly and improves the model's multi-policy support.
     On the basis of the basic model, the PBAC extended model is built. The intrinsic logical characteristics of session entities and actions in the extended model are discussed, a mechanism for describing and managing the logical relationships of the extended model is given, and the effects of grouping, inheritance, constraint and dependency relationships among entity elements on the access control management mechanism are examined. A mechanism for applying the PBAC model in mobile agent systems is given.
     From the standpoint of policy usability, flexibility and consistency of description, an XML (Extensible Markup Language) based access control policy language specification, XBACPL (XML-based Access Control Policy Language), is defined. The basic policies of XBACPL are built on elements such as session entities and actions, and a classification and description method for basic policies is given. On this basis, a meta-policy management mechanism for XBACPL is drawn up using meta-modeling theory, establishing the logical relationships inside access control policies. Policy management algorithms that meet XBACPL's usability and consistency requirements are also described.
     Taking into account the characteristics of MAS (Mobile Agent Systems), an application model of PBAC in MAS is discussed. A policy-based network security protection framework is also constructed, and within it, drawing on the characteristics of network-layer access control, a PBAC network security protection prototype is developed. The prototype system includes a configuration management tool for access control entities, attributes and policies, and implements policy-rule-based filtering of network packets at the NDIS network driver layer. The prototype system demonstrates the flexibility, extensibility and multi-policy support of the PBAC model.
     This research into policy-based access control has produced a number of results of theoretical and practical value, laying a theoretical and methodological foundation for further research on policy-based access control and on practical systems built on it.
Access control, widely applied in security protection of all kinds, is essential to guaranteeing the security of information systems. Existing access control technology falls well short on the flexibility, adaptability and integrated control of sessions, because of the limited way restrictive conditions are configured for access sessions and the restrictions of its enforcement mechanism. It is therefore important, both in theory and in practice, to develop a new access control mechanism.
     To remedy the shortcomings of existing access control technology and to support multiple policies, this thesis proposes a Policy-Based Access Control model (PBAC) composed of a fundamental model and an extension model. The fundamental model uses a reconfigurable-object description technique to manage session entities uniformly, which strengthens the adaptive capacity of PBAC. In this model the authorization of session subjects is abolished: the basic access control pattern in which the system restrains a session according to its subject's authorizations is replaced by an integrated description of session-related attributes, so that constraint management covers every attribute of a session. The model also changes the way current models depict access control policy indirectly, through authorizations configured on session entities: it formulates an independent policy description and management mechanism, which makes the management of access control policy more agile and strengthens multi-policy support.
     An extension model is then built on the fundamental model. The logical characteristics of its entities and actions are set out, together with the rules for describing logical relationships, the management mechanism, and the influence of grouping, inheritance, constraint and dependency relations among session elements on the access control management mechanism. A management mechanism for applying PBAC in mobile agent systems is introduced.
     To improve the usability, flexibility and consistency of policies, an XML-Based Access Control Policy Language (XBACPL) is developed. Its essential policies, with their classification and description, are built on basic elements such as entities and actions. Drawing on meta-modeling theory, the thesis proposes a meta-policy management mechanism for XBACPL, establishes the logical relationships among access control policies, and describes the XBACPL policy management algorithms by which the usability and consistency requirements are met.
     Taking the characteristics of mobile agent systems into account, the thesis introduces an application model of PBAC for them. It also creates a policy-based framework for network security, within which a PBAC application prototype for network access control is implemented. The prototype contains a configuration management tool for access control entities, attributes and policies, and filters network packets at the network driver layer according to the policies. The prototype validates the flexibility, adaptability and multi-policy support of PBAC.
     In conclusion, the theoretical and practical results obtained in this study provide a substantial foundation for further research on policy-based applications.
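The following is an added example, written for this page; it is not the thesis's code and not the XBACPL schema, which the page does not reproduce. It shows in working Python the two ideas the abstract describes: access decisions computed from a unified set of session attributes against policies held in a separate XML document, rather than from permissions configured on the subject, and a consistency check that lists the policy pairs a meta-policy (here a combining algorithm on the root element) has to resolve. The element names, match operators, combining algorithms and the sample policy document are all hypothetical.

```python
# Policy-based access decisions over session attributes, plus a static
# conflict check between rules.  Added example: the XML vocabulary
# (<policy>, <rule>, <match>), the operators and the sample policy are
# hypothetical stand-ins, not the thesis's XBACPL.
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed sample policy.  No rule grants a subject a permission as
# such; each rule constrains session attributes (role, action, object, hour).
SAMPLE_POLICY_XML = """\
<policy id="lab-network" combine="deny-overrides">
  <rule id="r1" effect="permit">
    <match attr="role" op="eq" value="researcher"/>
    <match attr="action" op="in" value="read,list"/>
    <match attr="object" op="prefix" value="/data/public/"/>
  </rule>
  <rule id="r2" effect="permit">
    <match attr="role" op="eq" value="admin"/>
  </rule>
  <rule id="r3" effect="deny">
    <match attr="hour" op="range" value="0-6"/>
    <match attr="object" op="prefix" value="/data/"/>
  </rule>
  <rule id="r4" effect="deny">
    <match attr="role" op="eq" value="admin"/>
    <match attr="action" op="eq" value="delete"/>
  </rule>
</policy>
"""


def _match(op, expected, actual):
    """One <match> against one session attribute.  A missing attribute
    never matches, so a rule only applies to sessions that carry every
    attribute it constrains."""
    if actual is None:
        return False
    actual = str(actual)
    if op == "eq":
        return actual == expected
    if op == "in":
        return actual in expected.split(",")
    if op == "prefix":
        return actual.startswith(expected)
    if op == "range":
        lo, hi = (int(x) for x in expected.split("-"))
        return lo <= int(actual) <= hi
    raise ValueError(f"unknown match operator {op!r}")


def load_policy(xml_text):
    """Parse the policy XML into dicts; one <match> per attribute per rule."""
    root = ET.fromstring(xml_text)
    rules = [{"id": r.get("id"), "effect": r.get("effect"),
              "conds": {m.get("attr"): (m.get("op"), m.get("value"))
                        for m in r.findall("match")}}
             for r in root.findall("rule")]
    return {"combine": root.get("combine", "deny-overrides"), "rules": rules}


def rule_applies(rule, session):
    return all(_match(op, val, session.get(attr))
               for attr, (op, val) in rule["conds"].items())


def decide(policy, session):
    """Return (decision, ids of the rules that applied).  With no
    applicable rule the answer is deny: nothing in the policy grants access."""
    applicable = [r for r in policy["rules"] if rule_applies(r, session)]
    ids = [r["id"] for r in applicable]
    if not applicable:
        return "deny", ids
    effects = {r["effect"] for r in applicable}
    if policy["combine"] == "deny-overrides":
        return ("deny" if "deny" in effects else "permit"), ids
    if policy["combine"] == "permit-overrides":
        return ("permit" if "permit" in effects else "deny"), ids
    raise ValueError(f"unknown combining algorithm {policy['combine']!r}")


def _compatible(c1, c2):
    """Can one attribute value satisfy both constraints?  Conservative:
    unknown operator pairs count as compatible, so the conflict check may
    over-report but never misses a real overlap."""
    (op1, v1), (op2, v2) = c1, c2
    if op1 == op2 == "eq":
        return v1 == v2
    if op1 == op2 == "in":
        return bool(set(v1.split(",")) & set(v2.split(",")))
    if op1 == op2 == "prefix":
        return v1.startswith(v2) or v2.startswith(v1)
    if op1 == op2 == "range":
        a1, b1 = (int(x) for x in v1.split("-"))
        a2, b2 = (int(x) for x in v2.split("-"))
        return a1 <= b2 and a2 <= b1
    if {op1, op2} == {"eq", "in"}:
        eq_v, in_v = (v1, v2) if op1 == "eq" else (v2, v1)
        return eq_v in in_v.split(",")
    if {op1, op2} == {"eq", "prefix"}:
        eq_v, pre = (v1, v2) if op1 == "eq" else (v2, v1)
        return eq_v.startswith(pre)
    return True


def find_conflicts(policy):
    """Pairs of rules with opposite effects that some session could satisfy
    at once: exactly the cases the combining meta-policy has to resolve."""
    conflicts = []
    for r1, r2 in combinations(policy["rules"], 2):
        if r1["effect"] == r2["effect"]:
            continue
        shared = r1["conds"].keys() & r2["conds"].keys()
        if all(_compatible(r1["conds"][a], r2["conds"][a]) for a in shared):
            conflicts.append((r1["id"], r2["id"]))
    return conflicts


if __name__ == "__main__":
    policy = load_policy(SAMPLE_POLICY_XML)
    night = {"role": "researcher", "action": "read", "object": "/data/public/a.csv", "hour": 3}
    print(decide(policy, night))          # r1 permits, r3 denies, deny-overrides wins
    print(find_conflicts(policy))         # pairs the meta-policy must arbitrate
```

Rules that overlap with opposite effects are not errors in themselves; the point of the check is that each such pair is arbitrated deliberately by the combining algorithm rather than by accident of evaluation order. A session lacking an attribute that a rule constrains never matches that rule, which keeps a deny rule from being bypassed by simply omitting the attribute only if the default decision is deny, as it is here.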
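As an added example of the packet-filtering half of such a prototype (written for this page; it is not the thesis's NDIS driver and does not use its rule syntax), the Python below parses raw IPv4 headers and applies an ordered, default-deny rule table to each packet's protocol, addresses and destination port. The rule format, the rule table and the sample packets are all constructed for illustration, and a user-mode script stands in for the driver-layer hook; the classification logic is what a filter at that layer would run.

```python
# Policy-rule-based filtering of raw IPv4 packets, in the style of a
# driver-layer packet filter.  Added example: the rule format, the rule
# table and the sample packets are constructed for illustration and are
# not the thesis's NDIS prototype or its rule syntax.
import ipaddress
import struct

# Hypothetical rule table: first matching rule wins, default deny.  Each
# entry constrains protocol, source and destination network, and a
# destination port range.
RULES = [
    {"action": "deny",   "proto": "tcp", "src": "0.0.0.0/0",      "dst": "10.0.0.0/8",   "dport": (23, 23)},
    {"action": "permit", "proto": "tcp", "src": "192.168.1.0/24", "dst": "10.0.0.5/32",  "dport": (22, 22)},
    {"action": "permit", "proto": "udp", "src": "192.168.1.0/24", "dst": "10.0.0.53/32", "dport": (53, 53)},
    {"action": "permit", "proto": "tcp", "src": "0.0.0.0/0",      "dst": "10.0.0.80/32", "dport": (80, 443)},
]

PROTO_NAMES = {6: "tcp", 17: "udp"}


def parse_ipv4(pkt):
    """Return (proto, src, dst, sport, dport) for an IPv4 TCP/UDP packet, or
    None for anything the filter cannot classify: too short, not IPv4, an
    IHL that runs past the buffer, a non-first fragment (it carries no
    transport header, so ports cannot be checked) or another protocol.
    The caller turns None into deny, so an unparseable packet never slips
    past a port-based rule."""
    if len(pkt) < 20:
        return None
    (ver_ihl, _tos, _tlen, _id, frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        return None
    if frag & 0x1FFF:          # fragment offset != 0: not the first fragment
        return None
    name = PROTO_NAMES.get(proto)
    if name is None:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return name, ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), sport, dport


def filter_packet(pkt, rules=RULES):
    """Return (decision, index of the matching rule, or None if no rule matched)."""
    fields = parse_ipv4(pkt)
    if fields is None:
        return "deny", None
    proto, src, dst, _sport, dport = fields
    for i, r in enumerate(rules):
        lo, hi = r["dport"]
        if (r["proto"] == proto
                and src in ipaddress.ip_network(r["src"])
                and dst in ipaddress.ip_network(r["dst"])
                and lo <= dport <= hi):
            return r["action"], i
    return "deny", None


def build_packet(proto, src, dst, sport, dport, frag_off=0):
    """Construct a minimal IPv4 header plus transport ports (sample input
    for this example only; checksums are left zero)."""
    transport = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 1, frag_off,
                     64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + transport


if __name__ == "__main__":
    samples = [
        ("ssh from the lab",        build_packet(6, "192.168.1.10", "10.0.0.5", 40000, 22)),
        ("telnet from the lab",     build_packet(6, "192.168.1.10", "10.0.0.5", 40001, 23)),
        ("ssh from elsewhere",      build_packet(6, "172.16.0.9", "10.0.0.5", 40002, 22)),
        ("https from the internet", build_packet(6, "8.8.8.8", "10.0.0.80", 40003, 443)),
        ("icmp",                    build_packet(1, "8.8.8.8", "10.0.0.80", 0, 0)),
        ("later fragment, port 22", build_packet(6, "192.168.1.10", "10.0.0.5", 40004, 22, frag_off=1)),
    ]
    for label, pkt in samples:
        print(f"{label:26s} -> {filter_packet(pkt)}")
```

Two design points carry over to a real driver-layer filter: rule order is part of the policy (the telnet deny is listed before the broader permits so that a later permit cannot reopen it), and every parse failure, including non-first fragments and protocols the filter does not model, maps to deny rather than to "no rule applies".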