Abstract
Using an algebraic system to formally describe, reason about and calculate the composition of attribute-based access control policies in cross-domain environments is an effective way to resolve policy conflicts and composition. By introducing a trust attribute that is dynamically judged from context and time decay, adding a trust-based vote operator, and extending the attribute authorization term to a quintuple consisting of subject, object, environment, trust and operation attributes, this paper proposes a trust attribute-based algebraic system for policy composition. Through an instance analysis of policy composition across four security domains, it describes in detail how trust attribute values are used to monitor, in real time, the security of the requesting subject's access behavior after authorization, and shows that the policy composition has stronger descriptive power, flexibility and security. Finally, the algebraic properties of policy composition expressions are used to verify the composition result.
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal (北大核心)
2016, No. 7, pp. 2175-2180 (6 pages)
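Funding
Major Science and Technology Research Project of the Henan Provincial Department of Science and Technology (132102210123)
Major Science and Technology Research Project of the Henan Provincial Department of Education (13A520321)
Henan Polytechnic University Doctoral Fund (72515/194)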
Keywords
policy composition
attribute
trust
access control
algebraic system