
Computer Engineering ›› 2013, Vol. 39 ›› Issue (6): 200-204. doi: 10.3969/j.issn.1000-3428.2013.06.044

• Networks and Communications •

A Static Policy Conflict Detection Algorithm for Attribute Based Access Control

LIU Jiang 1,2, ZHANG Hong-qi 1,2, DAI Xiang-dong 1,2, WANG Yi-gong 1,2   

  1. Institute of Electric Technology, PLA Information Engineering University, Zhengzhou 450004, China; 2. Henan Key Laboratory of Information Security, Zhengzhou 450004, China
  • Received: 2012-05-07 Online: 2013-06-15 Published: 2013-06-14

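An ABAC Static Policy Conflict Detection Algorithm

LIU Jiang 1,2, ZHANG Hong-qi 1,2, DAI Xiang-dong 1,2, WANG Yi-gong 1,2

  1. Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004; 2. Henan Key Laboratory of Information Security, Zhengzhou 450004
  • About the authors: LIU Jiang (born 1988), male, master's student, research interests: network and information security, policy management; ZHANG Hong-qi, professor and doctoral supervisor; DAI Xiang-dong, lecturer, master's degree; WANG Yi-gong, master's degree
  • Supported by:
    National "973" Program of China (2011CB311801); National "863" Program of China (2009AA01Z438)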

Abstract: This paper addresses static conflict detection for access control policies under Attribute Based Access Control (ABAC) in a distributed computing environment and proposes a static policy conflict detection algorithm based on policy attribute decomposition. Policy attributes are decomposed, a policy attribute decomposition graph is constructed, and the intersection relationship between the predicates of policy attributes is judged. The algorithm then detects policy conflicts according to the definition of static policy conflict, which improves extensibility and ease of implementation. Experimental results indicate that the policy conflict detection rate of the proposed algorithm can reach 85%.

Key words: Attribute Based Access Control (ABAC) model, policy management, static policy, policy conflict, policy attribute decomposition, conflict detection

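Abstract: In distributed computing environments, traditional attribute-based static access control policies often suffer from poor extensibility and are difficult to implement. To address these problems, a conflict detection algorithm based on policy attribute decomposition is proposed. The algorithm decomposes policy attributes, constructs a policy attribute decomposition graph, judges the intersection relationships between policy attribute values, and detects policy conflicts according to the definition of static policy conflict, thereby improving the extensibility and ease of implementation of the policy conflict detection algorithm. Experimental results show that the algorithm's detection rate for static policy conflicts is close to 85%.

Key words: Attribute Based Access Control model, policy management, static policy, policy conflict, policy attribute decomposition, conflict detection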
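
The check the abstract describes (decompose each policy into per-attribute predicates, test whether the predicates intersect, report a conflict when they do) can be sketched as follows. This is an added example, not the paper's algorithm or code: the rule format, the two predicate forms, the sample rules, and the working definition of a static conflict (two rules with opposite effects whose predicates intersect on every attribute) are all assumptions, and the paper's decomposition graph is not reproduced.

```python
from itertools import combinations

# Constructed sample rules (not from the paper). A rule holds one predicate per
# attribute; an attribute it omits is unconstrained. Assumed predicate forms:
# ("in", set_of_values) or ("range", low, high) with inclusive bounds.
RULES = [
    {"id": "r1", "effect": "permit",
     "attrs": {"role": ("in", {"doctor", "nurse"}), "hour": ("range", 8, 18)}},
    {"id": "r2", "effect": "deny",
     "attrs": {"role": ("in", {"nurse", "intern"}), "hour": ("range", 17, 23)}},
    {"id": "r3", "effect": "deny", "attrs": {"role": ("in", {"intern"})}},
    {"id": "r4", "effect": "deny", "attrs": {"hour": ("range", 19, 23)}},
    {"id": "r5", "effect": "permit",
     "attrs": {"role": ("in", {"admin"}), "hour": ("range", 20, 22)}},
]

def intersect(p, q):
    """Return the predicate satisfied by both p and q, or None if disjoint."""
    if p[0] != q[0]:
        raise ValueError("an attribute must use one predicate form in all rules")
    if p[0] == "in":
        common = p[1] & q[1]
        return ("in", common) if common else None
    low, high = max(p[1], q[1]), min(p[2], q[2])
    return ("range", low, high) if low <= high else None

def overlap(a, b):
    """Compare two rules attribute by attribute; return the shared region or None."""
    region = {}
    for attr in a["attrs"].keys() | b["attrs"].keys():
        pa, pb = a["attrs"].get(attr), b["attrs"].get(attr)
        if pa is None or pb is None:
            region[attr] = pa or pb      # only one rule constrains this attribute
            continue
        region[attr] = intersect(pa, pb)
        if region[attr] is None:         # one disjoint attribute rules out a conflict
            return None
    return region

def static_conflicts(rules):
    """List (id_a, id_b, region) for rule pairs with opposite effects that overlap."""
    found = []
    for a, b in combinations(rules, 2):
        if a["effect"] != b["effect"]:
            region = overlap(a, b)
            if region is not None:
                found.append((a["id"], b["id"], region))
    return found

if __name__ == "__main__":
    for id_a, id_b, region in static_conflicts(RULES):
        print(f"{id_a} conflicts with {id_b} on {region}")
```

The returned region is the set of requests both rules match, which is what a policy administrator needs in order to decide which rule to narrow.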
