[1] He Zhengqiu, Wu Lifa, Li Huabo, et al. Request-driven access control for service composition[J]. Journal of Southeast University (Natural Science Edition), 2011, 41(3): 443-448. [doi:10.3969/j.issn.1001-0505.2011.03.002]

Request-driven access control for service composition

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume:
41
Issue:
2011, No. 3
Pages:
443-448
Section:
Computer Science and Engineering
Publication date:
2011-05-20

Article Info

Title:
Request-driven access control for service composition
Author(s):
He Zhengqiu, Wu Lifa, Li Huabo, Wang Rui, Huang Kangyu
(Institute of Command Automation, PLA University of Science and Technology, Nanjing 210007, China)
Keywords:
service composition; access control; role mapping; conflict resolution
Classification number:
TP393.08
DOI:
10.3969/j.issn.1001-0505.2011.03.002
Abstract:
A request-driven role mapping and policy integration mechanism is proposed for access control in service composition. To establish accurate and effective role mappings among domains, the concept of a unique mapping set (UMS) is presented. By computing and searching the UMS of the local domain's role hierarchy, the most suitable mappable role set can be found to satisfy external service requests. To resolve the inter-domain policy conflicts caused by role mappings, three different types of role mapping relations are defined. Common conflicts such as cyclic inheritance and violation of separation of duty (SoD) constraints can be avoided by establishing or transforming different mapping types. Compared with other methods, this conflict resolution method not only ensures that external service requests can be satisfied but also properly preserves the autonomy and security of the participating domains.

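Memo

Author biography: He Zhengqiu (b. 1980), male, PhD candidate; Wu Lifa (corresponding author), male, PhD, professor, doctoral supervisor, wulifa@vip.163.com.
Funding: National Basic Research Program of China (973 Program) (2007CB310804); Natural Science Foundation of Jiangsu Province (BK2010132).
Citation format: He Zhengqiu, Wu Lifa, Li Huabo, et al. Request-driven access control for service composition[J]. Journal of Southeast University: Natural Science Edition, 2011, 41(3): 443-448. [doi:10.3969/j.issn.1001-0505.2011.03.002]
Last Update: 2011-05-20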