计算机工程 ›› 2008, Vol. 34 ›› Issue (24): 162-164.doi: 10.3969/j.issn.1000-3428.2008.24.056

• 安全技术 • 上一篇    下一篇

可视化的安全策略形式化描述与验证系统

雷新锋,刘 军,肖军模, 周海刚, 张一丹   

  1. (解放军理工大学通信工程学院,南京 210007)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-12-20 发布日期:2008-12-20

Visual System of Formal Specification and Verification of Security Policy

LEI Xin-feng, LIU Jun, XIAO Jun-mo, ZHOU Hai-gang, ZHANG Yi-dan   

  1. (Institute of Communications Engineering, PLA University of Science & Technology, Nanjing 210007)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-12-20 Published:2008-12-20

摘要: 通过分析安全策略中可能出现的问题,对安全策略的一致性与完备性进行形式化定义。通过构造安全策略的状态模型,提出策略的一致性与完备性验证算法。基于可扩展访问控制标记语言,设计并实现一种安全策略的形式化描述与验证系统。该系统将形式化的验证过程自动化,以可视化的形式为普通用户提供一种高效的策略验证工具。

关键词: 安全策略, 一致性, 完备性, 扩展访问控制标记语言

Abstract: This paper analyzes the possible faults in policy, formally defines the consistency and completeness of the security policy. By building the state model of security policy, the algorithm for formally verifying security policy is proposed. Based on the eXtensible Access Control Markup Language(XACML), a system to formally specify and verify the security policy is designed and implemented. This system makes the process of the formal verification automatic, and provides an efficient tool for a normal user to verify the security policy in a visual form.

Key words: security policy, consistency, completeness, eXtensible Access Control Markup Language(XACML)

中图分类号: