计算机工程 ›› 2013, Vol. 39 ›› Issue (4): 71-74.doi: 10.3969/j.issn.1000-3428.2013.04.017

• 体系结构与软件技术 • 上一篇    下一篇

基于描述逻辑的XACML策略研究

陈旭日1,2,徐炜民2   

  1. ( . 湖南科技学院计算机系,湖南 永州 2. 上海大学计算机工程与科学学院,上海 200072)
  • 收稿日期:2012-03-07 出版日期:2013-04-15 发布日期:2013-04-12
  • 作者简介:陈旭日(1971-),男,副教授、博士研究生,主研方向:形式化方法,网络安全;徐炜民,教授、博士生导师

Study of XACML Policy Based on Description Logic

CHEN Xu-ri 1,2, XU Wei-min 2   

  1. (1. Department of Computer, Hunan University of Science and Engineering, Yongzhou 425100, China; 2. School of Computer Engineering and Science, Shanghai University, Shanghai 200072, China)
  • Received:2012-03-07 Online:2013-04-15 Published:2013-04-12

摘要: 针对XACML策略间的语义表示、冲突等问题,提出基于描述逻辑的形式化方法,对XACML策略的目标、规则、规则组合算法和策略冲突消解算法进行形式化处理,并给出基于描述逻辑的规则间冲突检测方案。分析结果表明,该形式化方法便于XACML策略的扩展,并且增强了XACML的语义表达能力和推理能力。

关键词: XML访问控制标记语言, 描述逻辑, 冲突检测, 规则冗余, 推理, 语义

Abstract: Against the semantics of XML Access Control Markup Language(XACML) policies, conflict and other issues, this paper provides description logic-based formal methods, formalizes XACML policy target, rules, rules combination algorithms and policy conflict resolution algorithm, and puts forward the rules conflict detection method based on the description logic. Analysis result shows that this method facilitates strategic expansion, and enhances the XACML semantics of expressive power and reasoning ability.

Key words: XML Access Control Markup Language(XACML), description logic, conflict detection, rule redundancy, reasoning, semantic

中图分类号: