Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (8): 2184-2188. DOI: 10.11772/j.issn.1001-9081.2015.08.2184

• Information Security •

Research on access control policy for Web service

HE Zhengqiu1, ZHANG Yelin2, XU Junkui1, SUN Danhui1

  1. Luoyang Electronic Equipment Test Center of China, Luoyang Henan 471003, China;
  2. Unit 96275 of PLA, Luoyang Henan 471003, China
  • Received: 2015-03-16 Revised: 2015-05-27 Online: 2015-08-10 Published: 2015-08-14
  • Corresponding author: HE Zhengqiu (born 1980), male, from Yiyang, Hunan; assistant research fellow, Ph.D.; research interests: network security, system simulation. E-mail: hzqzyl@163.com
  • About the authors: ZHANG Yelin (born 1982), female, from Taojiang, Hunan; engineer, M.S.; research interest: network security. XU Junkui (born 1978), male, from Xuchang, Henan; assistant research fellow, Ph.D.; research interest: software testing. SUN Danhui (born 1982), male, from Guoyang, Anhui; engineer, M.S.; research interest: system simulation.
  • Funding: Advance Research Project of the General Armament Department (51333030103).



Abstract:

In a Web service environment, the interacting entities usually cannot be determined in advance and may belong to different security domains. To authorize access by unknown users across domain borders, a Web service should enforce access control on domain-independent information rather than on identity. This paper proposes a context-based access control policy model suited to the Web service environment. Its main idea is that the various kinds of information relevant to access control are abstracted into a single concept, the context, around which access control policies are defined and enforced. The context acts as the intermediary between requesters and permissions, a function analogous to that of the role in Role-Based Access Control (RBAC). Context-based access control policy axioms are defined in Description Logic (DL); on the basis of these axioms an access control policy knowledge base is built that supports reasoning about the policies, and a method for logically inferring access decisions from it is given. Finally, policy enforcement is verified in the Racer reasoning system, and the experimental results show that the method is feasible and effective.
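The following is an added illustration, written for this page and not code from the paper: it shows the structural idea the abstract describes (requests are classified into context concepts by domain-independent attributes, permissions hang off contexts, and contexts form a subsumption hierarchy in the way roles do in RBAC). The paper's actual DL axioms and its Racer experiments are not reproduced here; the encoding of a context as a conjunction of attribute constraints, the syntactic entailment check that stands in for DL subsumption, and all context names, attributes and sample requests are assumptions of this example. Authorization is default-deny: a request that falls into no context holding the permission is refused.

```python
"""Toy context-based access control (CBAC) engine: constructed illustration, not the paper's model."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Constraint:
    """One condition on a domain-independent request attribute (never an identity)."""
    attr: str
    op: str        # "eq", "in", "ge", "le"
    value: object  # a scalar, or a frozenset for "in"

    def holds(self, request: dict) -> bool:
        """Instance check: a missing attribute never satisfies a constraint (fail closed)."""
        if self.attr not in request:
            return False
        v = request[self.attr]
        if self.op == "eq":
            return v == self.value
        if self.op == "in":
            return v in self.value
        if self.op == "ge":
            return v >= self.value
        if self.op == "le":
            return v <= self.value
        raise ValueError(f"unknown operator {self.op}")

    def entails(self, other: "Constraint") -> bool:
        """Does every request satisfying self also satisfy other? Only same-attribute cases are decided."""
        if self.attr != other.attr:
            return False
        if other.op == "eq":
            return self.op == "eq" and self.value == other.value
        if other.op == "in":
            if self.op == "eq":
                return self.value in other.value
            return self.op == "in" and frozenset(self.value) <= frozenset(other.value)
        if other.op == "ge":
            return self.op in ("eq", "ge") and self.value >= other.value
        if other.op == "le":
            return self.op in ("eq", "le") and self.value <= other.value
        return False


@dataclass(frozen=True)
class Context:
    """A context concept: the conjunction of its constraints (a DL concept defined by intersection)."""
    name: str
    constraints: frozenset

    def classifies(self, request: dict) -> bool:
        return all(c.holds(request) for c in self.constraints)


def subsumes(general: Context, specific: Context) -> bool:
    """specific ⊑ general iff each constraint of general is entailed by some constraint of specific."""
    return all(any(s.entails(g) for s in specific.constraints) for g in general.constraints)


# Assumed contexts and policy (hypothetical names and attributes).
CONTEXTS = {
    "AnyCertified": Context("AnyCertified", frozenset({
        Constraint("cert_issuer", "in", frozenset({"CA-A", "CA-B"}))})),
    "PartnerBusinessHours": Context("PartnerBusinessHours", frozenset({
        Constraint("cert_issuer", "in", frozenset({"CA-A"})),
        Constraint("hour", "ge", 8),
        Constraint("hour", "le", 18)})),
    "Internal": Context("Internal", frozenset({Constraint("network", "eq", "intranet")})),
}
PERMISSIONS = {  # permissions are attached to contexts, never to requester identities
    "AnyCertified": {("read", "catalog")},
    "PartnerBusinessHours": {("invoke", "orderService")},
    "Internal": {("invoke", "adminService")},
}


def contexts_of(request: dict) -> set:
    """Which context concepts the request is an instance of."""
    return {name for name, ctx in CONTEXTS.items() if ctx.classifies(request)}


def permissions_of(request: dict) -> set:
    perms = set()
    for name in contexts_of(request):
        perms |= PERMISSIONS.get(name, set())
    return perms


def authorized(request: dict, action: str, resource: str) -> bool:
    """Default deny: only an explicitly derived permission grants access."""
    return (action, resource) in permissions_of(request)


def hierarchy() -> set:
    """(specific, general) subsumption pairs: the analogue of an RBAC role hierarchy."""
    return {(s.name, g.name) for s in CONTEXTS.values() for g in CONTEXTS.values()
            if s is not g and subsumes(g, s)}


# Constructed sample requests (attributes only; no user identity is consulted).
PARTNER_DAY = {"cert_issuer": "CA-A", "hour": 10, "network": "extranet"}
PARTNER_NIGHT = {"cert_issuer": "CA-A", "hour": 22, "network": "extranet"}
INTRANET = {"cert_issuer": "CA-C", "hour": 12, "network": "intranet"}
ANON = {"network": "extranet"}

if __name__ == "__main__":
    print(contexts_of(PARTNER_DAY), authorized(PARTNER_DAY, "invoke", "orderService"))
    print(hierarchy())
```

The subsumption check here is deliberately syntactic (constraint-by-constraint entailment on the same attribute), so it will miss entailments a real DL reasoner such as Racer would find; it is enough to show why a request in the more specific context inherits the permissions of the general one without any per-user rule.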

Key words: Web service, access control, context, policy, inference rule
