中文摘要：

提出了一种基于一阶逻辑的安全策略管理框架．首先，研究安全策略的语法和语义，给出将安全策略转换成扩展型逻辑程序的算法，进而构造出安全策略基本查询算法；其次，给出将安全策略复杂查询转换成基本查询的算法，进而构造出安全策略验证算法．在良基语义下，上述算法是可终止的、可靠的和完备的，且计算复杂度都是多项式级的．该框架可以在统一的良基语义下实现安全策略表达、语义查询和验证，保证安全策略验证的有效性．此外，该框架不仅兼容现有主流的安全策略语言，还能够管理具有非单调和递归等高级特性的安全策略．

英文摘要：

This study proposes a logic-based security policy framework. First, the study proposes the security policy syntax and semantic. Next, four algoritms are proposed to transfer first-order logic based security policies into extended logic programs to evaluate queries with simple goals, to transfer complex queries into simple ones, and to verify security policies against complex security properties. Under well-founded semantics, all the algorithms are sound and completed, and their computational complexities are polynomial. In this framework, security policy declaration, evaluation and verification are executed under the same semantics, which is significant for security policy management. Furthmore, the framework can manage the security policies with advanced features, such as non-mbnotony and recursion, which is not supported in many existent security policy management frameworks.