existing concept [10]. Mansor et al. give the dynamic conflict detection algorithm for
policy-based management [11].
Therefore, we find that current research on conflict detection tools for access control
policy focuses mainly on pairs of rules that have opposite actions, and ignores other
“conflict-related rules”. It is necessary to study the extension of
“conflict-related rules” and the corresponding detection tools.
3 Semantic Model for AC Policy
We first give the grammatical representation of access control policy, and then analyze
its semantics and give its formal semantic representation. For convenience of expression,
we use “policy” instead of “access control policy” and “rule” instead of “access control
rule”.
3.1 Grammatical Formal Model for Access Control Policy
Definition 1: Access Control Policy (grammatical definition): Grammatically, a
policy is a set of rule statements, and a rule statement is composed of components
that comply with the grammar rules.
Grammatically, the formal representation of access control policy is as follows:
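\[
P\text{-}STATE = \left\{\, r_{state} \;\middle|\;
\begin{array}{l}
r_{state} = (sub_{state},\ sub_{state});\\
r_{state} = (obj_{state},\ obj_{state});\\
r_{state} = (sub_{state},\ obj_{state},\ act_{state},\ perm_{state});\\
exp \in \{sub_{state},\ obj_{state},\ act_{state},\ perm_{state}\} \mid grammer(exp)
\end{array}
\right\} \tag{1}
\]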
Here, $P\text{-}STATE$ is the set of rule statements, namely the policy; $r_{state}$ is a rule
statement in the policy; $sub_{state}$ is the subject expression; $obj_{state}$ is the object
expression; $act_{state}$ is the action expression; $perm_{state}$ is the permission expression.
$grammer(exp)$ is a predicate indicating that the expression conforms to
the specification of the grammar.
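The following is an added example, not code from the original text. It models the four-component rule statement of Definition 1, applies a `grammer(exp)` check, and lists the opposite-outcome rule pairs that the text says existing tools focus on. The comma-separated syntax, the identifier pattern, the `permit`/`deny` values, the reading of "opposite actions" as opposite permissions on the same subject, object and action, and all function names are assumptions.

```python
import re
from itertools import combinations
from typing import NamedTuple

# Assumed concrete syntax (the text defines only the abstract components):
# an expression is an identifier; a permission is "permit" or "deny".
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*\Z")
PERMS = {"permit", "deny"}

class RuleState(NamedTuple):
    sub: str
    obj: str
    act: str
    perm: str

def grammer(exp: str, is_perm: bool = False) -> bool:
    """Predicate of Definition 1: does exp conform to the (assumed) grammar?"""
    return exp in PERMS if is_perm else bool(IDENT.match(exp))

def parse_policy(text: str):
    """Return (p_state, rejected): well-formed rules and rejected lines."""
    p_state, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 4 and all(
                grammer(p, is_perm=(i == 3)) for i, p in enumerate(parts)):
            p_state.append(RuleState(*parts))
        else:
            # Malformed statements are reported, never silently dropped.
            rejected.append((lineno, line))
    return p_state, rejected

def opposite_pairs(p_state):
    """Rule pairs with identical sub, obj, act and different perm."""
    return [(a, b) for a, b in combinations(p_state, 2)
            if a[:3] == b[:3] and a.perm != b.perm]

# Constructed sample policy, not from the text.
SAMPLE = """\
alice, payroll.db, read, permit
alice, payroll.db, read, deny
bob, payroll.db, write, permit
bob, payroll db, write, deny     # space in object: fails grammer()
carol, audit.log, read           # missing permission component
"""
```

A detector limited to `opposite_pairs` reports only the first two sample rules; the text's point is that other "conflict-related rules" fall outside a check of this kind.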
3.2 Semantic Formal Model for Access Control Policy
According to the grammar of access control policy presented in part A, we first analyze the
meaning of the expressions, and then analyze the semantics of the three types of rule
statement, from which the semantics of the policy are finally deduced.
Definition 2: Semantics Expressed by “Subject Expression” and “Object Expression”:
Semantics are specific entities. Semantics of subject expression is users or