首页> 外国专利> PROVISIONING ACCESS CONTROL USING SDDL ON THE BASIS OF AN XACML POLICY

PROVISIONING ACCESS CONTROL USING SDDL ON THE BASIS OF AN XACML POLICY

机译：基于XACML政策使用SDDL进行访问控制

页面导航

摘要
著录项
相似文献

摘要

A method is disclosed, and a corresponding data carrier and policy converter, for producing at least one Security Descriptor Definition Language, SDDL, rule from an eXtensible Access Control Markup Language, XACML, policy (P), wherein said at least one SDDL rule is enforceable for controlling access to one or more resources in a computer network. A reverse query is produced indicating a given decision (d), which is one of permit access and deny access, and a set (R) of admissible access requests. Based on the reverse query, the XACML policy (P) and the given decision (d) are translated into a satisfiable logic proposition in Boolean variables (v_i, i=1, 2, . . . ) From said ROBDD, variable assignments (RC_j=[ARC_j1:v₁=x_j1, ARC_j2:v₂=x_j2, . . . ], j=1, 2, . . . ) satisfying the logic proposition are derived and at least one SDDL rule is created based on said variable assignments (RC_j=[ARC_j1:v₁=x_j1, ARC_j2:v₂=x_j2, . . . ], j=1, 2, . . . ) satisfying the logic proposition.

机译：公开了一种方法，以及相应的数据载体和策略转换器，用于从可扩展访问控制标记语言XACML策略（P）产生至少一种安全描述符定义语言SDDL规则，其中，所述至少一个SDDL规则为可执行以控制对计算机网络中一个或多个资源的访问。产生反向查询，指示给定的决定（d）和允许的访问请求集（R），该决定是许可访问和拒绝访问之一。基于反向查询，将XACML策略（P）和给定的决策（d）转换为布尔变量（v _{i ，i = 1，2，....）中可满足的逻辑命题。从所述ROBDD中，变量分配（RC _{j = [ARC _{j1 ：v _{1 = x _{j1 ，ARC <导出满足逻辑命题的Sub> j2 ：v _{2 = x _{j2 ，。。。，j = 1，2，。。。根据所述变量分配创建至少一个SDDL规则（RC _{j = [ARC _{j1 ：v _{1 = x _{j1 < / Sub>，ARC _{j2 ：v _{2 = x _{j2 ，。。。]，j = 1，2，。逻辑命题。}}}}}}}}}}}}}}

著录项

公开/公告号US2015163250A1

专利类型
公开/公告日2015-06-11

原文格式PDF
申请/专利权人 AXIOMATICS AB;
展开▼

申请/专利号US201514623311
发明设计人 PABLO GIAMBIAGI;ERIK RISSANEN;TRAVIS SPENCER;
展开▼

申请日2015-02-16
分类号H04L29/06;
国家 US
入库时间 2022-08-21 15:27:02

相似文献

专利
外文文献
中文文献