XACML policy rule checking method

A detection method and rule-based technology, applied in the fields of instruments, digital data authentication, electronic digital data processing, etc., that can solve problems such as constraints

Inactive Publication Date: 2009-01-07
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

In a small-scale policy environment with a single environment, the ergodic matching method has no significant impact on system efficiency
However, in the a



Embodiment Construction

[0075] Figure 4 describes a conflict detection algorithm based on attribute-level operational association. The input of the algorithm includes the subject attribute policy pol to be detected and the list of permission policies of the upper-level subject attributes that it references and inherits; the output is a set conSet composed of pairs (rule_p, rule_d). The specific process of the algorithm is as follows. For each permit-type rule rule_p in pol, determine the node Node_res of the resource attribute resAttr_p of rule_p on the semantic tree, and test each policy pol_Δ in Node_res's own policy identification list. Analyze the deny-type rules rule_d in pol_Δ one by one; if the state dependency of rule_p and rule_d is State_rule_p ↔(res, ac) State ...
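The loop in paragraph [0075], as an added Python example that is not code from the patent. The page truncates the exact state-dependency condition, so the example assumes a conflict exists when a permit rule and a deny rule from an inherited policy name the same resource node and share at least one action; the type names, policy ids and sample policies are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# effect is "Permit" or "Deny"; resource names a node on the resource semantic tree
Rule = namedtuple("Rule", "rule_id effect resource actions")
# inherits: ids of the upper-level subject-attribute policies this policy references
Policy = namedtuple("Policy", "policy_id rules inherits")

def build_index(policies):
    """Policy identification list per resource node: node -> ids of policies with a rule on it."""
    index = defaultdict(set)
    for pol in policies.values():
        for rule in pol.rules:
            index[rule.resource].add(pol.policy_id)
    return index

def inherited(pol, policies):
    """Ids of all upper-level policies reachable from pol (transitive, cycle-safe)."""
    seen, stack = set(), list(pol.inherits)
    while stack:
        pid = stack.pop()
        if pid not in seen and pid in policies:
            seen.add(pid)
            stack.extend(policies[pid].inherits)
    return seen

def detect_conflicts(pol, policies, index):
    """Return conSet as (rule_p, rule_d) id pairs that disagree on the same (res, ac)."""
    con_set = set()
    uppers = inherited(pol, policies)
    for rule_p in (r for r in pol.rules if r.effect == "Permit"):
        # Only policies indexed at Node_res are examined, not the whole policy base.
        for pid in index.get(rule_p.resource, set()) & uppers:
            for rule_d in policies[pid].rules:
                # Assumed conflict condition (the page's own condition is truncated).
                if rule_d.effect == "Deny" and rule_d.resource == rule_p.resource \
                        and rule_d.actions & rule_p.actions:
                    con_set.add((rule_p.rule_id, rule_d.rule_id))
    return con_set

# Constructed sample: "intern" inherits from "employee", which inherits from "staff".
POLICIES = {p.policy_id: p for p in [
    Policy("staff", [Rule("s1", "Deny", "/docs/finance", frozenset({"write", "delete"}))], ()),
    Policy("employee", [Rule("e1", "Deny", "/docs/hr", frozenset({"read"})),
                        Rule("e2", "Permit", "/docs/finance", frozenset({"read"}))], ("staff",)),
    Policy("intern", [Rule("i1", "Permit", "/docs/finance", frozenset({"read", "write"})),
                      Rule("i2", "Permit", "/docs/hr", frozenset({"list"}))], ("employee",)),
]}
INDEX = build_index(POLICIES)
```

Calling `detect_conflicts(POLICIES["intern"], POLICIES, INDEX)` reports the pair `("i1", "s1")`: the intern's permit on `/docs/finance` overlaps the inherited deny on the `write` action.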



Abstract

The invention provides an XACML policy rule detection method, belonging to the field of authorization policy analysis in information security. Starting from XACML policy rules, the method gives a rule state definition, a rule state correlation definition and a conflict type analysis. On this basis, a policy index based on a semantic tree is established, concrete XACML policy rule detection is carried out, and rule conflicts and rule redundancy are analyzed. The detection method comprises two types: a conflict detection method based on attribute-level operation correlation, and a detection method for other types of conflict based on state correlation. In the redundancy analysis, methods for determining rule redundancy are given separately for the permit-overrides, deny-overrides and first-applicable combining algorithms. With this detection method, the policy manager can precisely locate the rules that cause a conflict and the reasons for the conflict. In the redundancy analysis, the policy structure can be optimized according to the analysis result, and redundant rules that have no influence on the access decision result can be deleted, so that policy decision efficiency is improved.

Description

Technical field

[0001] The invention mainly relates to the field of authorization policy analysis in information security, and specifically provides a method for detecting XACML policy rules.

Background art

[0002] With the emergence of a large number of applications such as inter-organizational business collaboration, distributed computing, and cross-domain resource sharing, policy-based management is facing new challenges. In an open computing environment, users and service resources across organizational boundaries dynamically join or withdraw from the organization. Security policies need to consider a wide variety of security attributes, and the auxiliary parameters for authorization decisions tend to be complex. Authorization management within the organization is flexible and shared. Resource access policies are usually formulated collaboratively by multiple management domains. These circumstances inevitably lead to the threat of internal policy conflicts. Whether the o...


Application Information

IPC(8): G06F21/00, G06F21/45
Inventor: 王雅哲, 冯登国, 张立武, 张敏
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI