首页 | 本学科首页   官方微博 | 高级检索  
     检索      

访问控制策略一致性和完备性检测方法研究
引用本文:张红斌,马鹏程,刘 滨.访问控制策略一致性和完备性检测方法研究[J].河北工业科技,2018,35(5):305-310.
作者姓名:张红斌  马鹏程  刘 滨
作者单位:河北科技大学信息科学与工程学院;河北师范大学河北省网络与信息安全重点实验室;河北科技大学经济管理学院
基金项目:国家自然科学基金(61672206,61572170); 河北省科技支撑计划项目(17210104D); 河北省创新能力提升计划软科学研究和科普专项(17K50702D);河北省高等学校科学技术研究项目(ZD2015099)
摘    要:为实现对复杂访问控制策略的统一管理,检测并排除冲突和不完备的访问控制策略,提出了利用访问控制策略集合中的偏序信息构造融合主体、客体层级结构的有向无环图模型。首先从理论上证明了构建有向无环图模型的可行性,并提出利用偏序关系构建有向无环图模型的实施算法,然后利用有向无环图模型的节点集合设计了访问控制策略一致性和完备性检测算法,最后对模型构建算法及访问控制策略一致性和完备性检测算法进行实验验证。实验结果表明,融合主体、客体层级结构的有向无环图模型可以有效管理复杂系统中访问控制策略中出现的冲突与策略不完备情况。相关算法可以有效地实现对复杂访问控制策略的统一管理。

关 键 词:算法理论  访问控制  策略管理  一致性  完备性  有向无环图  检测
收稿时间:2018/4/3 0:00:00
修稿时间:2018/6/22 0:00:00

Research on the detection of consistency and completeness in access control policies
ZHANG Hongbin,MA Pengcheng and LIU Bin.Research on the detection of consistency and completeness in access control policies[J].Hebei Journal of Industrial Science & Technology,2018,35(5):305-310.
Authors:ZHANG Hongbin  MA Pengcheng and LIU Bin
Abstract:In order to realize the unified management of complex access control policy, detecting and eliminating conflicting and incomplete access control policy, a directed acyclic graph model, which merges subjects and objects, is constructed by using the partial order information in the access control policy set. First, the feasibility of constructing the directed acyclic graph model is proved, and an algorithm for constructing the directed acyclic graph model is also proposed, then the consistency and completeness detection algorithm for access control policies is designed by using the set of nodes in the directed acyclic graph model. Finally, the experiments verify the effectiveness of the algorithms. The results show that the directed acyclic graph model can effectively deal with the conflict and incompleteness in the access control policies of complex systems. The relative algorithms can realize the unified management of complex access control policy.
Keywords:algorithm theory  access control  policy management  consistency  completeness  directed acyclic graph (DAG)  verification
本文献已被 CNKI 等数据库收录!
点击此处可从《河北工业科技》浏览原始摘要信息
点击此处可从《河北工业科技》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号