Fig. 1. The module structure of the conflict-related rule detection tool for AC policy
The module structure of the tool is shown in Fig. 1.
The tool consists of four modules:
Analysis for policy semantics: reads the access control policy declaration written in XACML, analyzes its semantics, and puts the semantics into the ABox through the API interface.
Analysis for rule semantics: analyzes the semantics of the input XACML rule, and then adds the result to the access control policy that is already in the ABox.
Analysis for implicit semantics: derives the implicit semantics in the ABox according to the predefined SWRL rules, and then stores them in the ABox.
Analysis for conflict: outputs conflicts and conflict-related rules according to the conflict reasoning rules, which are written as predefined SWRL rules.
The implementation layer includes the Racer reasoner and the API interface. The reasoner is Racer 1.9.5, which includes an ABox and a TBox. The TBox stores the abstract model of access control rules and the SWRL reasoning rules. The ABox stores instances of access control rules. The "conflict-related rules" report is produced by using the nRQL query language constructs offered by JRacer to query for the "conflict-related rules" that meet the conditions. The specific implementation of the TBox construction, the compilation of the SWRL rules and the "conflict-related rule" report is as follows.
The rules for inferring the "conflict-related rules", written in SWRL (Semantic Web Rule Language) in the form of TBox axioms, are as follows:
1) Subject(?sA) → has_Subject_Overlap(?sA, ?sA)
2) Resource(?rA) → has_Resource_Overlap(?rA, ?rA)
3) Action(?aA) → has_Action_Overlap(?aA, ?aA)
4) has_subSubject(?sA, ?sB) ∧ has_subSubject(?sB, ?sC) → has_subSubject(?sA, ?sC)
5) has_subSubject(?sA, ?sB) → has_Subject_Overlap(?sA, ?sB)
6) has_Subject_Overlap(?sA, ?sB) → has_Subject_Overlap(?sB, ?sA)
7) has_subResource(?rA, ?rB) ∧ has_subResource(?rB, ?rC) → has_subResource(?rA, ?rC)
8) has_subResource(?rA, ?rB) → has_Subject_Overlap(?rA, ?rB)
9) has_Subject_Overlap(?rA, ?rB) → has_Subject_Overlap(?rB, ?rA)
10) has_Subject(?pA, ?sA) ∧ has_Subject(?pB, ?sB) ∧ has_Subject_Overlap(?sA, ?sB) ∧ has_Resource(?pA, ?rA) ∧ has_Resource(?pB, ?rB) ∧ has_Resource_Overlap(?rA, ?rB) ∧ has_
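The forward chaining that rules 1) to 9) describe, and the part of rule 10) that is visible above, can be followed in a short Python sketch; this is an added example, not the tool's own code, which runs these rules inside Racer. Assumptions: rules 8) and 9) are read as deriving the resource overlap that rule 10) consumes, the rest of rule 10) is cut off on the page and is not reconstructed, and the function names and sample facts are constructed for illustration.

```python
from itertools import combinations, product

def overlap_closure(entities, sub_pairs):
    """Rules 1-9 for one entity kind: derive every overlapping (a, b) pair
    from the asserted has_subX(a, b) facts in sub_pairs."""
    sub = set(sub_pairs)
    while True:  # rules 4 and 7: has_subX is transitive
        new = {(a, d) for (a, b), (c, d) in product(sub, sub) if b == c} - sub
        if not new:
            break
        sub |= new
    overlap = {(e, e) for e in entities}      # rules 1-3: reflexive
    overlap |= sub                            # rules 5 and 8: sub implies overlap
    overlap |= {(b, a) for a, b in overlap}   # rules 6 and 9: symmetric
    return overlap

def candidate_pairs(policies, subj_sub, res_sub):
    """Only the rule 10 atoms visible on the page: pairs of rules whose
    subjects overlap and whose resources overlap (assumed reading)."""
    s_ov = overlap_closure({s for s, _ in policies.values()}, subj_sub)
    r_ov = overlap_closure({r for _, r in policies.values()}, res_sub)
    return [(a, b) for a, b in combinations(sorted(policies), 2)
            if (policies[a][0], policies[b][0]) in s_ov
            and (policies[a][1], policies[b][1]) in r_ov]

# Constructed sample ABox facts (not from the page).
SUBJ_SUB = [("Staff", "Doctor"), ("Doctor", "Surgeon"), ("Staff", "Nurse")]
RES_SUB = [("Records", "LabResults")]
POLICIES = {  # rule id -> (subject, resource)
    "p1": ("Staff", "Records"),
    "p2": ("Surgeon", "LabResults"),
    "p3": ("Visitor", "Records"),
    "p4": ("Nurse", "LabResults"),
}

if __name__ == "__main__":
    for pair in candidate_pairs(POLICIES, SUBJ_SUB, RES_SUB):
        print(pair)
```

Overlap as defined by these rules is reflexive and symmetric but not transitive: in the sample, Surgeon and Nurse each overlap Staff without overlapping each other, so p2 and p4 are not paired.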