| As the progressing of the Internet technology and the growing demand for privacy protection, access control policy based on predicate has caused a large number of researcher attentions which focus on privacy protection and Internet applications. As the access control policy based on the predicate is very flexible and its predicate filters may also be very complex, it brings a great deal of difficulty to policy management. To ensure the predicate-based access control policy deploying in the database management system (DBMS) reasonably, study validation of the policy and conflict and redundancy between policies.Raise a model for predicate-based control policy and define the validation and conflict, redundancy relationship of predicate-based control policies based this model. Study the key of policy analysis is the analysis of its filter, and raise a analysis method based on normalized predicate. According to the analysis of type of filter, raise the definition of normalized predicate, design and implement a predicate normalizing algorithm. By generating supplementary list, solve the symmetry and transmission problem brought by boolean operators. Combination of property of antagonistic predicate and the supplementary list, raise the rules of policy validation analysis. Taking policy conflict for example, for different types of filters, raise a series of conflict detecting rules to detect the conflict relation of the policies.Design the architecture of policy analysis system based on DBMS, which composed of four parts: policy normalization module, policy validation analysis module, policy relationship analysis module and normalized policy cache module. Using DM 6.0 as DBMS platform, we add the policy analysis subsystem in DM 6.0 and do a performance test of predicate-based access control policy analysis algorithm, and to prove the policy analysis has less impact on system performance, and is suitable for large-scale policies checking in DBMS. |
