网格环境中基于语义的ABAC属性研究

Attribute research of ABAC based on semantic in grid environment

下载PDF

导出

摘要为解决网格环境中域间互操作时基于属性的访问控制(attribute based access control,ABAC)策略之间的语义异构问题,提出一种利用属性语义信息辅助域间安全策略表示的方法。根据主客体及环境属性的多样性和二义性等特点,对EduPerson规范、SAML属性轮廓、QoS测度等领域知识进行分析,并构建出SHIQ(D)描述逻辑的通用属性本体UniAttOnt。在此基础上,给出了利用本体知识使用属性语义信息辅助属性一致性检测和策略表示等的具体方法,最后的实例分析表明了该方法的可行性。 To solve the heterogeneous semantic problems of the ABAC policies in grid environment,a method to assist the security policy representation using semantic attribute information between domains is proposed. Based the diversity and ambiguity feathers of the subject,object and environment attributes,the EduPerson specification,SAML attribute profile and QoS measures are analyzed and the universal attribute ontology UniAttOnt based on the SHIQ （D） description logic is constructed. Based on these,the concrete methods to assist the attribute consistency check and policy representation utilizing ontology knowledge and semantic attribute information are provided. Finally,a case study is showed to verify the feasibility of the method.

作者胡殿友张斌

机构地区解放军信息工程大学电子技术学院

出处《计算机工程与设计》 CSCD 北大核心 2010年第14期3174-3176,3184,共4页 Computer Engineering and Design

基金国家863高技术研究发展计划基金项目(2006AA01Z457)

关键词基于属性的访问控制属性本体描述逻辑一致性检测策略表示 ABAC attribute ontology description logic consistency check policy representation

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献8

1Welch V,Foster I,Scavo T,et al.Scaling TeraGrid access:A roadmap for attribute based authorization for a large cyberinfrastructure[EB/OL],http://gridshib.globus.org/docs/,2006.
2王治纲,王晓刚,卢正鼎,李瑞轩.OntoRBAC:基于本体的RBAC策略描述与集成[J].计算机科学,2007,34(2):82-85. 被引量：8
3Su L,Chadwich D,Basden A,et al.Automated decomposition of access control policies[C].Stockholm,Sweden:Proc 6th IEEE International Workshop on Policies for Distributed Systems and Networks,2005:3-13.
4Trivellato D,Spiessens F,Zannone N,et al.POLIPO:Policies and OntoLogies for interoperability,portability,and autonomy[C].London,UK:Proc 10th IEEE International Symposium on Policies for Distributed Systems and Networks,2009:110-113.
5Finin T,Joshi A,Kagal L,et al.ROWLBAC:Role based access control in OWL[C].Estes Park,CO,USA:Proc 13th ACM Symposium on Access Control Models and Technologies,2008:73-82.
6Baader F,Calvanese D,McGuinness D,et al.The description logic handbook:Theory,implementation,and applications[M].Cambridge:Cambridge University Press,2003.
7Internet2 middleware architecture committee for education,directory working group.edu person object class specification[EB/OL].http://middleware.internet2.edu/edupersen/docs/,2008.
8Cantor S,Hazelton K.MACE-Dir SAML attribute profiles[EB/OL].http://middleware.internet2.edu/dir/docs/,2008.

二级参考文献10

1Uszok A, Bradshaw J, Jeffers R, et al. KAoS Policy Management for Semantic Web Services. IEEE Intelligent Systems,2004, 19(4): 32-41
2Baader F, Nutt W. Basic Description Logics. In: the Description Logic Handbook, F. Baader, D. Calvanese, D.L. McGuinness,et al,eds. Cambridge University Press, 2002. 47-100
3Horrocks I, Patel-Schneider P F, Boley H, et al. SWRL: A semantic Web rule language combining owl and ruleml. W3C Member Submission, 21 May 2004. Available at: http://www. w3.org/Submission/SWRL/
4Damianou N, et al. The Ponder Policy Specification Language.In: Proc. Policy 2001, Workshop on Policies for Distributed Systems and Networks, Bristol, UK, Jan. 2001. 18-39
5Koch M, Mancini LV, Parisi-Presicce F. A graph-based formalism for rbac. ACM Transactions on Information and System Security (TISSEC), 2002. 332-365
6Jajodia S, Samarati P, Sapino M, et al. Flexible support for multiple access control policies. ACM Transactions on Database Systerns, 2001. 214-260
7Bertino E, Catania B, Ferrari E, et al. A logical framework for reasoning about access control models. ACM Transactions on Information and System Security (TISSEC), 2003. 71-127
8Joshi J B D, Bhatti R, Bertino E, et al. Access Control Language for Multidomain Environments. IEEE Internet Computing, 2004,8(6):40-50
9Moses T, et al. eXtensible Access Control Markup Language(XACML)Version 2. 0. http://docs.oasis-open.org/xacml/2.0/access-control-xacml-2. 0-core-spec-os, pdf. 30 Sep. 2004
10Kagal L, et al. A Policy Based Approach to Security for the Semantic Web. In:Proc. 2nd International Semantic Web Conference (ISWC2003), Sanibel Island, Florida, USA, 2003. 402-418

共引文献7

1贾保先,鲍素贞,杨吉宏.虚拟数字图书馆语义平台建设关键技术研究[J].聊城大学学报（自然科学版）,2009,22(4):93-96. 被引量：1
2李寒,郭禾,王宇新,陆国际,杨元生.用基于RBAC的方法集成遗产系统的访问控制策略[J].计算机科学,2011,38(7):126-129. 被引量：2
3张晟,魏东平.部队装备仓储数据库安全技术初探[J].科技资讯,2012,10(11):30-30.
4周加根,叶春晓.权限扩展RBAC模型的本体表示和实现[J].计算机应用,2012,32(9):2624-2627.
5陶勇,汪成亮.属性RBAC策略的OWL表示和推理[J].计算机工程与应用,2014,50(19):66-69. 被引量：1
6翟梅,陈健,张鸿洋.基于MOOCs的个性化学习评价系统的设计[J].计算机技术与发展,2015,25(12):165-168. 被引量：4
7刘喜敏.基于J2EE的出版类企业电子商务系统平台研究与设计[J].出版广角,2013(05X):26-27.

1范体贵.可信网络基本概念与基本属性研究[J].赤峰学院学报（自然科学版）,2007,23(5):55-57. 被引量：1
2周启生,王化文.基于WWW远程考试系统的研究与设计[J].计算机工程与设计,2005,26(3):830-832. 被引量：16
3郭茂祖,王亚东,刘扬,孙华梅.基于Metropolis准则的Q-学习算法研究[J].计算机研究与发展,2002,39(6):684-688. 被引量：14
4曾旷怡,杨家海.一种基于策略的网络管理系统研究与实现[J].小型微型计算机系统,2007,28(2):218-223. 被引量：11
5丁森云.基于策略的网络管理技术[J].知识经济,2011(18):6-7. 被引量：2
6魏先民.一种基于知识的组卷系统组卷策略库设计[J].潍坊学院学报,2004,4(6):88-89. 被引量：1
7刘琢.Pascal-AG的block环境属性[J].计算机工程,1989,4(5):45-52.
8许伟权,汤庸,曾颖,刘浩钊.电子政务信息的时态属性研究[J].计算机工程与应用,2004,40(4):58-60. 被引量：5
9杨敬波,贾丽虹,张召兵.描述逻辑SHIQ研究[J].曲阜师范大学学报（自然科学版）,2006,32(1):63-66. 被引量：1
10刘颖,李真,陈才贤.证书管理策略形式化问题的分析与研究[J].计算机应用与软件,2009,26(7):283-285. 被引量：2

计算机工程与设计

2010年第14期

浏览历史

内容加载中请稍等...

网格环境中基于语义的ABAC属性研究

参考文献8

二级参考文献10

共引文献7

相关作者

相关机构

相关主题

浏览历史