A Conflict-related Rules Detection Tool for Access Control Policy
Conflict detection is an important issue of the Access Control Policy.Most conflict detection tools mainly focus on the two rules that have contrary actions,but there are also other rules which are necessary to the conflict situation,which is not considered in these tools.This paper defines all these rules related to the conflict situation as the concept “conflict-related rules”,and gives a conflict-related rules detection tool for Access Control Policy which can report the conflict situation more comprehensively.By giving the semantics model of the access control policy and the definition of conflict,we prove the necessary and sufficient condition of conflict,and then give the concept of “conflict-related rules” and deduce its extension.We implement conflict-related rules detection tool based on the description logic,and the experiment results validate the tool’s correctness and effectiveness.The results of the correctness experiment showed that instead of detecting the two rules with opposite actions only,it detected all the conflict-related rules for access control policy; the results of the effectiveness experiment showed that our tool’s response performance is better than VPN based tools.
Access control policy conflict detect conflict-related rules description logic
Liang Xiaoyan Lv Liangshuang Xia Chunhe Luo Yang Li Yazhuo
Key Laboratory of Beijing Network Technology, School of Computer Science and Engineering, Beijing Un Key Laboratory of Beijing Network Technology,School of Computer Science and Engineering, Beijing Uni Key Laboratory of Beijing Network Technology,School of Computer Science and Engineering, Beijing Uni
国内会议
张家界
英文
133-139
2013-07-01(万方平台首次上网日期,不代表论文的发表时间)