跨域访问控制策略合成的可视化框架(英文)

作     者：潘理 柳宁 訾小超 PAN Li;LIU Ning;ZI Xiaochao

作者机构：School of Electronic Information and Electric Engineering National Engineering Laboratory of Information Content Analysis Technology Shanghai Jiao Tong University 

出 版 物：《China Communications》 (中国通信（英文版）)

年 卷 期：2013年第10卷第3期

页      面：67-75页

核心收录：

学科分类：0810[工学-信息与通信工程] 0808[工学-电气工程] 0809[工学-电子科学与技术（可授工学、理学学位）] 0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported in part by National Key Basic Research Program of China (973 Program) under Grant No.2013CB329603 National Natural Science Foundation of China under Grant No.60903191 

主　　题：访问控制策略 可视化 集成 框架 基于角色的访问控制 映射算法 计算环境 资源共享 

摘      要：The rapid increase in resource sharing across domains in the cloud computing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Although a number of policy integration and security analysis mechanisms have been developed, few focus on enabling the average administrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization framework for inter-domain access control policy integration, which integrates Role Based Access Control (RBAC) policies on the basis of role-mapping and then visualizes the integrated result. The role mapping algorithm in the framework considers the hybrid role hierarchy. It can not only satisfy the security constraints of non-cyclic inheritance and separation of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.