XACML policy rule checking method

A detection method and rule-based technology, applied in the fields of instruments, digital data authentication, electronic digital data processing, etc., can solve problems such as constraints
CN101339591A · Inactive · Publication Date: 2009-01-07 · INST OF SOFTWARE - CHINESE ACAD OF SCI

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
INST OF SOFTWARE - CHINESE ACAD OF SCI
Publication Date
2009-01-07
Estimated Expiration
Not applicable · inactive patent

Abstract

The invention provides a method for detecting XACML policy rules, belonging to the field of authorization policy analysis in information security. Starting from the XACML policy rules, the method defines rule states and the correlations between rule states, and analyzes the types of conflict. On that basis, a policy index based on a semantic tree is built, concrete XACML policy rule detection is carried out, and rule conflicts and rule redundancy are analyzed. Detection comprises two methods: conflict detection based on attribute-level operation correlation, and detection of the other conflict types based on state correlation. For redundancy analysis, methods for determining rule redundancy are given separately for the permit-overrides, deny-overrides and first-applicable combining algorithms. With this detection method, a policy administrator can precisely locate the rules that cause a conflict and the reasons for the conflict; in redundancy analysis, the policy structure can be optimized according to the analysis result, and redundant rules that have no influence on the access decision can be deleted, which improves the efficiency of policy decisions.
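The abstract's two analyses reduced to a brute-force check, as an added example that is not the patent's algorithm (its semantic-tree index and rule-state correlations are not reproduced here). Rules are modeled as constructed (name, effect, target) tuples over small assumed attribute domains, and all function names are hypothetical.

```python
from itertools import product

# Constructed finite attribute domains and rules (assumed for illustration).
DOMAINS = {"role": ["doctor", "nurse", "clerk"], "action": ["read", "write"]}
RULES = [
    ("r1", "Permit", {"role": {"doctor", "nurse"}, "action": {"read"}}),
    ("r2", "Deny",   {"role": {"nurse"}}),
    ("r3", "Permit", {"role": {"doctor"}, "action": {"read"}}),
    ("r4", "Deny",   {"role": {"clerk"}, "action": {"write"}}),
]

def applies(rule, request):
    """A rule applies when every attribute its target constrains matches."""
    return all(request[a] in vals for a, vals in rule[2].items())

def requests():
    """Enumerate every possible request over the finite domains."""
    keys = list(DOMAINS)
    return [dict(zip(keys, c)) for c in product(*DOMAINS.values())]

def decide(rules, request, algorithm):
    """Evaluate an ordered rule list under one rule-combining algorithm."""
    effects = [r[1] for r in rules if applies(r, request)]
    if not effects:
        return "NotApplicable"
    if algorithm == "first-applicable":
        return effects[0]
    winner = "Permit" if algorithm == "permit-overrides" else "Deny"
    return winner if winner in effects else effects[0]

def conflicts(rules):
    """Rule pairs with opposite effects that both apply to some request."""
    found = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a[1] != b[1]:
                hit = next((q for q in requests() if applies(a, q) and applies(b, q)), None)
                if hit is not None:
                    found.append((a[0], b[0], hit))  # witness request locates the overlap
    return found

def redundant(rules, algorithm):
    """Rules whose individual removal changes no decision under the algorithm."""
    out = []
    for r in rules:
        rest = [x for x in rules if x is not r]
        if all(decide(rules, q, algorithm) == decide(rest, q, algorithm) for q in requests()):
            out.append(r[0])
    return out
```

Under deny-overrides both r1 and r3 are reported, but each is tested on its own: deleting both would change the decision for a doctor reading, so redundant rules have to be removed one at a time and the check rerun.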

Description

Technical field

[0001] The invention mainly relates to the field of authorization policy analysis in information security, and specifically provides a method for detecting XACML policy rules.

Background technique

[0002] With the emergence of a large number of applications such as inter-organizational business collaboration, distributed computing, and cross-domain resource sharing, policy-based management is facing new challenges. In an open computing environment, users and service resources across organizational boundaries dynamically join or withdraw from the organization. Security policies need to consider a wide variety of security attributes, and auxiliary parameters for authorization decisions tend to be complex. Authorization management within the organization is flexible and shared. Resource access policies are usually formulated collaboratively by multiple management domains. These circumstances inevitably lead to the threat of internal policy conflicts. Whether the o...
