XML-based Access Control Model for Service Management Information
-
摘要: 提出了一种基于XML细粒度的服务管理信息的访问控制模型,用于控制服务管理站对服务管理信息的访问.采用了形式化方法定义服务管理信息的访问控制模型的主体、客体和授权规则;讨论了授权规则的冲突解决方法,设计了标记XML文档中哪些节点的元素或属性可以被操作的标签树算法;描述了服务管理系统中细粒度访问控制模型的4种操作.该模型能控制服务管理站对服务管理信息的访问控制,控制粒度可以达到XML文档中的元素或属性.Abstract: In order to protect the service management information,a fine-grained access control model for service management information is proposed,through which,the operations of service manager accessing service management information can be controlled.A formalized description of subject,object,and authorization rules are given,and an authorization conflict resolution strategy is proposed. Moreover,a tree labeling algorithm for a XML document is designed,which states whether an element/attribute(or set of them) in the XML document can(or cannot) be accessed by the service manager.After that,four operations on the XML document of the fine-grained access control model in the service management system are described in detail.The access control model of protecting service management information allows the definition of access restrictions directly on the element or attribute of the XML documents.
-
Keywords:
- network management /
- access control /
- XML
-
-
[1] MACHIRAJU V,SAHAI A,MOORSEL A V.Web services management network:an overlay network for federated servicemanagement[C]∥IFIP/IEEE Eighth International Symposium on Integrated Network Management.Colorado Springs:IEEE Computer Society Press,2003:351-364.
[2] BHOJ P,SINGHAL S,CHUTANI S.SLA management in federated environments[J].Computer Networks,2001,35(1):5-24.
[3] 任兴田,黄小红,马严.基于Web Services服务管理系统的研究[J].计算机工程,2007,30(4):91-96.REN Xing-tian,HUANG Xiao-hong,MA Yan.Research on web services-based service management system[J].ComputerEngineering,2007,30(4):91-96.(in Chinese) [4] OASIS.Extensible access control markup language(XACML)1.0[S/OL].http:∥www.oasis-open.org/committees/xacml/repository/,2003.
[5] MULDNER T,LEIGHTON G,MIZIOLEK J K.Using multi-encryption to provide secure and controlled access to XMLdocuments[C/OL]∥In Proceedings of Extreme Markup Languages.http:∥conferences.idealliance.org/extreme/html/2006/Muldner01/EML2006Muldner01.html,2006.
[6] DAMIANI E.XML access control systems:a component-based approach[C]∥Fourteenth Annual IFIP WG11.3 WorkingConference on Database Security.Schoorl:Kluwer,2000:39-50.
[7] KUDO M,HADA S.XML document security based on provisional authorization[C]∥In Proceedings of the 7th ACMConference on Computer and Communication Security.Athens:ACM press,2000:87-96.
[8] DAMIANI E,VIMERCATI S D C,PARABOSCHI S,et al.A fine-grained access control system for XML documents[J].Acm Tissec,2002,5(2):169-202.
计量
- 文章访问数: 14
- HTML全文浏览量: 1
- PDF下载量: 5
下载:
