基于OWL的RBRBAC策略定义和推理

基于OWL的RBRBAC策略定义和推理

于海波, 谢琦, 吕巍

吉林大学计算机科学与技术学院, 长春 130012

收稿日期:2006-02-03 修回日期:1900-01-01 出版日期:2006-09-26 发布日期:2006-09-26
通讯作者: 于海波

OWLbased RBRBAC Policy Definition and Reasoning

YU Haibo, XIE Qi, LV Wei

College of Computer Science and Technology, Jilin University, Changchun 130012, China

Received:2006-02-03 Revised:1900-01-01 Online:2006-09-26 Published:2006-09-26
Contact: YU Haibo

摘要/Abstract

摘要： 提出一种基于本体对RBRBAC策略进行定义的方法, 该方法能定义复杂的属性表达式, 并支持多种属性值类型, 可以在策略中直接定义属性值间的偏序关系和角色间的层次关系. 具有不同语法结构的属性表达式也可以比较, 以发现不同授权规则间可能存在的关系. 在推理机的支持下, 除了能够访问控制决策推理外, 还可以判定授权规则间的优先关系, 并发现相关规则间的策略冲突.

关键词: Web本体语言, RBRBAC模型, 授权策略, 属性表达式

Abstract: An Ontologybased approach to define the authorization policies of an RBRBAC model was proposed, by which one can effectively define complex attribute expressions, quasiorder relation definition among attribute values and role hierarchies among roles in the OWL style policies. Comparison between attribute expressions without identical syntax structures is permitted to gain an insight into the relationships of all kinds of authorization rules. We can make authorization decision and perform seniority levels reasoning via an OWL reasoner. Moreover, conflicts among related authorization rules can be detected by consistency check.

Key words: OWL, RBRBAC model, authorization policy, attribute expression

中图分类号:

TP309

于海波, 谢琦, 吕巍. 基于OWL的RBRBAC策略定义和推理[J]. J4, 2006, 44(05): 754-759.

YU Haibo, XIE Qi, LV Wei. OWLbased RBRBAC Policy Definition and Reasoning[J]. J4, 2006, 44(05): 754-759.