
Research On Multi-domain Policy Integration Mechanism Based On Attribute

Posted on: 2014-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Liu
GTID: 2248330392960961
Subject: Information and Communication Engineering
Abstract/Summary:
With the development of the Internet, especially cloud computing and distributed system applications, the local security access model can no longer satisfy new application trends, and a large number of distributed collaboration theories are emerging. In a multi-domain environment, each organization is equivalent to an autonomous domain with its own access control policy and technique; interoperability means secure access and resource sharing between domains. Owing to the complexity and polymorphism of distributed scenarios, attribute-based authorization has become a research focus with the development of the eXtensible Access Control Markup Language (XACML). Attribute-based access control is a fine-grained access control mechanism that directly takes entity attributes as parameters, which makes it more flexible and scalable.

In this paper, we propose an attribute-based algebra for policy integration: the Binary String Set (BSset). A policy is converted into algebraic form by defining a new binary string / binary string set and constructing a new set of operation rules. By deriving the semantic operators and formulating policy composition as expressions of the algebra, we establish a BSset-based algebraic access control model. The model merges the algebraic model with the implementation mechanism, so that, in contrast to traditional algebraic models, it can be implemented without a logic transfer module.

We then apply the BSset-based algebra to policy analysis before policy integration and to the detection of policy conflicts after policy integration. We propose an attribute-query-based policy analysis algorithm to select relevant policies before integration, and a semantic-analysis-based policy detection algorithm to find the conflicts existing in the integrated policies. Hence, we provide a better BSset-based algebraic framework for policy integration. Compared with others, our policy integration algebraic framework has two more functions, with better effectiveness and performance, and provides a promising approach for new applications.

Finally, for our policy integration algebraic architecture, we design a simulation system implemented in Java. The system uses the XACML profile on the sun.xacml platform as the basic policy description and implements the main parts of the attribute-based access control architecture, including the BSset-based policy integration, similarity analysis and conflict detection algorithms. Furthermore, we give an example as a demonstration.
Keywords/Search Tags: Multi-domain interoperation, attribute-based access control (ABAC), policy integration algorithm, policy analysis, conflict detection