A Semantic Security Policy Language for Distributed Computing Environment

LIU Peng1, HU Jianbin, CHEN Zhong   

  1. Information Security Lab, Department of Computer Science and Technology, School of Electronics Engineering and Computer Science, Peking University, Beijing, 100871
  Received: 2005-05-20  Online: 2006-09-20  Published: 2006-09-20




Abstract: A semantic security policy language, called SSPL, is proposed for distributed computing environments. SSPL is represented in OWL DL. SSPL supports the basic concepts of security policy: positive and negative authorization and obligation, privilege delegation and revocation, and policy conflict resolution. Furthermore, SSPL supports rule-style policies, which enhances its expressiveness. This paper also demonstrates reasoning over SSPL policies. DL-safe rules and courteous logic programs are introduced to define the formal semantics of SSPL. The transformation from an SSPL policy to a courteous DL-safe program and the query answering procedure for the resulting courteous DL-safe program are presented.

Key words: security policy, distributed computing environment, OWL, Datalog, DL-safe rule

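Abstract (from the Chinese version): A semantic security policy language, SSPL, is proposed for distributed computing environments. SSPL is described in OWL DL and supports the basic types of security policy, including positive and negative authorization, positive and negative obligation, privilege delegation and revocation, and policy conflict resolution. SSPL also supports rule-based security policies, which gives the language greater expressive power. To analyze the formal semantics of SSPL policies and the decidability of reasoning, the concepts of DL-safe rules and courteous logic programs are introduced, a set of transformation rules from SSPL policies to courteous DL-safe programs is defined, and the reasoning procedure over the resulting logic program is described.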

Key words (from the Chinese version): security policy, distributed computing environment, OWL, Datalog, DL-safe

