摘要
为应对开放网络环境以及跨域访问的需求,提出一种基于属性的访问控制概念。针对此概念设计一种多优化技术的ABAC(Attribute Based Access Control)模型。采用XACML(extensible access control markup language)标准实现了ABAC模型,在进行属性检索和策略检索时引入业务逻辑,以业务为索引值建立索引机制,加快属性和策略检索的匹配效率,并在策略评估时加入了缓存机制,进一步提高评估效率。仿真实验的结果表明该模型的效率与传统ABAC模型相比具有优势。
To respond to the demand of open network environment and cross-domain access, we propose a concept of attribute-based access control (ABAC). For this concept we design an ABAC model which is based on multi-optimisation technology. The model uses XACML ( ex- tensible access control markup language) standard to practically model the ABAC. To speed up matching efficiency of attributes retrieval and policy retrieval, business logic is introduced in these retrievals, and the business is used as the index value to set up index mechanism. Cac- hing mechanism is introduced in policy evaluation so as to further improve the assess efficiency. The ABAC model is simulated and experi- mented, and results demonstrate that the efficiency of the new model is better than the traditional ABAC model.
出处
《计算机应用与软件》
CSCD
2015年第11期312-316,共5页
Computer Applications and Software
关键词
基于属性访问控制
索引
缓存
业务逻辑
Attribute-based access control
Index
Cache
Business logic
