Information Technology Reference
In-Depth Information
4 Implementation
We use SICStus Prolog (SICSP) [5] as the inference engine of REAL05. The com-
pound terms in SICSP are very suitable for expressing permissions, roles and spacial
constraints in REAL05. List structures are suitable for expressing entity sets and trust
scopes. The predicate symbols in REAL05 can be translated into SICSP predicates.
For example, the predicate symbol “
” in rule
⑦
(see table 2) can be implemented as
predicate “subspt”, which is defined by following
n
~
s
SICSP predicates, where
“isMember(E, X, dR(E, N))” is equivalent to “?y.canActivate(?x, dR(?e, ?n))” in
REAL05.
⊆
n
subspt(_, *).
o
subspt(_, []).
p
subspt([], []).
q
subspt([], _).
r
subspt([X], [X]).
s
subspt([X|ES], [dR(E, N)|TS]) :- isMember(E, X, dR(E, N)), subspt([X], TS),
subspt(ES, [Y|TS]).
SICSP also provides a mapping mechanism between predicates and external func-
tions. This mechanism allows the inference engine to make distributed query during
local inference. When the predicate being evaluated is not asserted by local entity, the
local inference engine will send a query containing this predicate to its principle. Each
entity stores the delegation policies of the delegation trees that originated from it. The
authorization policies are stored with subjects and will be submitted to server during
login process. Note that the number of authorization policies is usually much more
than that of delegation policies in the system. Therefore our policy distribution
scheme is more attractive considering the efficiency of both policy retrieval and pol-
icy discovery. We have embedded such distributed inference mechanism into a mid-
dleware access control management (MACM) architecture, which is the central part
of the security service in StarBus [16]. MACM covers multiple administrative do-
main, different domains exchange credentials and queries through a domain manger
overlay network (DMON). DMON ensures the consistency and completeness of po-
lices among all the domains participating in the overlay network. DMON also pro-
vides a new approach to realize negation policies within a specified domain, while
enforcing negation policies in open decentralized systems is still very difficult and
waits for more feasible solutions [11].
Our simulation system is the extension of the samples in section 3.3. There are 10
M
1
entities (treated as administrative domains), each M
1
has 10 P
1
and 10 M
n
as its
domain members, and each M
n
has 100 U as domain members. The name of each
entity is generated by a string randomizer. There are 1000 sessions on the server S.
The system distributes over 10 PCs (CPU-2.0GHz, RAM-256M, LAN-100M) and the
communication is protected by SSL. There are more than 10,000 rules (without signa-
ture yet) in the system. The average overhead of login is 0.26 seconds; the average
overhead of each request is 0.12 seconds. This performance is acceptable for most
large-scale distributed systems.
5 Related Work
The concept of trust management was firstly introduced by M. Blaze et al with Poli-
cyMaker [7]. A large amount of work has been done on trust management, such as
