Towards a Logical Framework of Composing Attribute-based Access Control Policies
基于属性的访问控制策略逻辑融合框架研究

In multi-domain environment, the composition of access control policies is the key for aggregated resources when several domains are organized to form a new one. To formally express the composition and guarantee the correctness,a logical framework of composing policies was proposed. The framework is described at the attribute level. It not only fertilizes the existing algebraic models but also can express the dynamic composing scenery which they don't support, Several examples were introduced to demonstrate its expressing ability. The framework involves a logic deduction system which is sound. Based on the system, a compound policy can be formally verified whether it meets each party's protection needs. At last, how to evaluate a compound policy for an access request to some aggregated resource was dis- cussed.