摘要
为适应分布式环境下的安全需求 ,提出了一种描述访问控制策略和判定访问请求的方法 .采用类似于无函数的扩展逻辑程序的表示方法对安全访问策略进行描述 ,限定权限传播的深度 ,利用不同的优先次序定义了多种消解冲突的规则 ,并给出了类似扩展逻辑程序的回答集语义解释 .结合确定性推理和可能性推理 ,描述了如何判定访问请求的算法 .解决了 3个问题 :分布式授权。
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2001年第6期735-740,共6页
Journal of Computer Research and Development
基金
上海市科技发展基金项目资助!(995 115 0 14 )
关键词
访问控制
私有权限
信息安全
冲突
分布式环境
access control, private privileges, conflict, answer set, access request
