Journal of Intelligent Information Systems

A relational database integrity framework for access control policies


Abstract

Access control is one of the most common and versatile mechanisms used for information systems security enforcement. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative was proposed in the 90s, several access control models have been studied in the literature. An access control policy is an instance of a model. It defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect some high-level organization requirements. First-order logic has been advocated for some time as a suitable framework for access control models. Many frameworks have been proposed, focusing mainly on expressing complex access control models. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we make a clear distinction by proposing a logical framework focusing primarily on constraints, while keeping as much as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures in order to enforce and check constraints. Without requiring any rewriting previous to the inference process, these procedures provide clean and intuitive debugging traces for administrators. This approach is a step toward bridging the gap between general but hard to maintain formalisms and effective but insufficiently general ones.