Theorem 2: $\Phi_{\text{opposite}}$, $\Phi_{\text{subjects}}$, $\Phi_{\text{objects}}$ is a complete division of Conflict-related Rules ($\Phi_{\text{related}}$).
Proof:
r
∈Φ
,
    
 
definition
8
Φ
conflict
,
theorem
1
related
related
{
}
1
2
Φ
conflict
Φ
=
ξξ
, 12
∪Φ
∪Φ
related
related
rules
rules
1
2
which
 
Φ
condition
1,
Φ
condition
2
rules
rules
{
}
1
2
ξξ
,
,
definition
9
Φ
,
definition
10
Φ
,
definition
11
12
, 12
rules
rules
   
  
{
}
1
2
ξξ
Φ
Φ
opposite
ru
les
subjects
rules
objects
$\Phi_{\text{related}} = \Phi_{\text{opposite}} \cup \Phi_{\text{subjects}} \cup \Phi_{\text{objects}}$ is proved.
4 A Conflict-Related Rules Conflict Detection Tool for AC Policy
This section implements a conflict-related rules conflict detection tool for AC policy, which detects “conflict-related rules” when a security administrator adds an access control rule.
The tool is implemented based on description logic.
Description logic is a knowledge representation language with a grammar and semantics. It is built on concepts and relations (Relation, Role): a concept is a set of objects, and a relation is a binary relation between objects [2]. A description logic system consists of four basic parts: the description logic language, the description logic knowledge base, the reasoning mechanism, and the query language supported by the description logic system. The description logic language specifies the language of description logic. The description logic knowledge base comprises the TBox (Terminological Box) and the ABox (Assertion Box). The TBox holds terminology, which is the rules used for reasoning. The ABox holds assertions, which are the facts used for reasoning. The reasoning mechanism reasons automatically over the knowledge base. The query language supported by the description logic system can query for facts that satisfy given conditions.
Therefore, following the grammar of the TBox, axioms can describe the semantic model of the access control policy, and the conditions for conflict-related rules are in section . The axioms are used for reasoning and put into the TBox. With the semantic model in the TBox, the specified access control policy can be converted into instances in the ABox and used as the facts for reasoning. With the “conditions for conflict-related rule” described as axioms, the query language supported by the description logic system can query for “conflict-related rules”, completing the detection process through reasoning.
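The TBox / ABox / query flow described above can be sketched as follows; this is an added illustration, not the tool's own code. The concept names, the rule fields and the conflict condition (same action, opposite effect, overlapping subject and object concepts) are assumptions standing in for the conditions, which this section does not reproduce.

```python
# TBox (terminology): subsumption axioms "child is-a parent". Constructed sample.
TBOX = {("Surgeon", "Doctor"), ("Doctor", "Staff"),
        ("LabResult", "MedicalRecord"), ("MedicalRecord", "Record")}

# ABox (assertions): each access control rule is an individual. Constructed sample.
ABOX = [
    {"id": "r1", "subject": "Staff", "object": "Record", "action": "read", "effect": "permit"},
    {"id": "r2", "subject": "Doctor", "object": "MedicalRecord", "action": "write", "effect": "permit"},
    {"id": "r3", "subject": "Visitor", "object": "Record", "action": "read", "effect": "deny"},
]

def subsumed_by(concept, tbox=TBOX):
    """Reasoning step: all concepts that subsume `concept` (reflexive, transitive)."""
    seen, todo = {concept}, [concept]
    while todo:
        cur = todo.pop()
        for child, parent in tbox:
            if child == cur and parent not in seen:
                seen.add(parent)
                todo.append(parent)
    return seen

def overlaps(a, b):
    """Two concepts overlap when one subsumes the other."""
    return a in subsumed_by(b) or b in subsumed_by(a)

def query_related(new_rule, abox=ABOX):
    """Query: ids of asserted rules meeting the assumed condition against new_rule."""
    return [r["id"] for r in abox
            if r["action"] == new_rule["action"]
            and r["effect"] != new_rule["effect"]          # opposite decision
            and overlaps(r["subject"], new_rule["subject"])
            and overlaps(r["object"], new_rule["object"])]

def add_rule(new_rule, abox=ABOX):
    """Detection runs when the administrator adds a rule; the rule is then asserted."""
    related = query_related(new_rule, abox)
    abox.append(new_rule)
    return related

if __name__ == "__main__":
    r4 = {"id": "r4", "subject": "Surgeon", "object": "LabResult",
          "action": "read", "effect": "deny"}
    print(add_rule(r4))  # r1 is reached only through the TBox hierarchy
```

The new rule names neither `Staff` nor `Record`, so a plain equality comparison against the asserted rules would miss the hit that the subsumption reasoning finds.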