| In recent years, grid is a gradually rising field in researching. It integrates all kinds of Internet resources into a large and single computer, thereby can reach the goal of sharing resources or collaborative working. It provides each user an easy using and fully sharing operating platform which completely shields the underlying implementation.In order to reach the goal of sharing resources, the security access control must be addressed. However, when network administrators begin to make access control policies, due to many reasons such as careless, may work out conflicting policies. When conflictions are happening, a number of conflicting policy's actions are exclusive from each other, or even completely opposite, management systems will not be able to make the right choices, thereby affect the proper working of the system. So understanding and resolving the confliction in policies has become a priority issue in grid security.In this paper, firstly, I reviewed some relevant knowledge about the grid security policy, described the strategies of putting policy into directed acyclic graph model, summarized two ways of detecting conflictions on the directed acyclic graph model—algorithm based on reachable sets or algorithm based on conflicting sets. Then, underlying the previous studies, I brought about two new algorithms, the first was based on the leaf set, and the second was based on a mechanism of blocking. Then time complexity was analyzed to compare their advantages and limitations in the process. Finally, aimed at comparing four kinds of algorithms, I created some random directed acyclic graphs, made experiences in each and recorded the CPU running time respectively. In above, the experimental results show the correctness and effectiveness about leaf set algorithm and block-based algorithm. |
PDF Full Text Request