Computer Science, 2020, Vol. 47, Issue (5): 313-318. doi: 10.11896/jsjkx.190800051

• Information Security •

Role Dynamic Adjustment Algorithm for Resisting Insider Threats

PAN Heng1, LI Jing-feng2, MA Jun-hu3

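  1 Research Institute of Advanced Information Technology, Zhongyuan University of Technology, Zhengzhou 450007
  2 Strategic Support Force Information Engineering University, Zhengzhou 450001
  3 Air Force Unit 93010, Shenyang 110016
  • Received: 2019-08-12 Online: 2020-05-15 Published: 2020-05-19
  • Corresponding author: LI Jing-feng (lee_jingfeng@163.com)
  • Funding:
    Key Basic Research Program of Higher Education Institutions of Henan Province (19A520047); Independent Innovation Application Research Project of Zhongyuan University of Technology (K2018YY017)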

Role Dynamic Adjustment Algorithm for Resisting Insider Threat

PAN Heng1, LI Jing-feng2, MA Jun-hu3

  1 Research Institute of Advanced Information Technology, Zhongyuan University of Technology, Zhengzhou 450007, China
  2 PLA Information Engineering University, Zhengzhou 450001, China
  3 PLA Air Force 93010 Unit, Shenyang 110016, China
  • Received: 2019-08-12 Online: 2020-05-15 Published: 2020-05-19
  • About author: PAN Heng, born in 1977, Ph.D, associate professor, is a member of China Computer Federation. Her main research interests include security risk assessment of information systems, network security situation awareness and blockchain technology.
    LI Jing-feng, born in 1977, Ph.D, associate professor. His main research interests include information system security technologies and information security guarantee.
  • Supported by:
    This work was supported by the Foundation of Priority Fundamental Research Project of Institutions of Higher Education of Henan Province, China (19A520047) and Foundation of Independent Innovation Application Research of Zhongyuan University of Technology, China (K2018YY017).

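Abstract: Changes in business processes, information infrastructure and the like cause the current role definitions to drift, leaving an organization exposed to insider threats. Based on the defensive idea of changing the organization's internal role set periodically and reasonably, a role dynamic adjustment algorithm (Role Dynamic Adjusting, RDA) is proposed. The algorithm defines an objective function with an adjustment parameter to balance users' actual permission-usage data against the system administrator's expert knowledge; obtains a group of candidate roles through a heuristic search strategy and subset pairing operations; computes a score for each role with a heuristic function and filters the candidate role set by score to obtain an adjusted role set that meets the role quality requirement; and, with the goal of reducing role redundancy, uses the adjusted role set to reassign roles to system users, producing a new system role configuration. Experimental results on the logs of a hospital management system show that the RDA algorithm can effectively adjust the role set of the target organization's system, laying a good foundation for resisting insider threats.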

Keywords: Dynamic adjustment, Role-based access control, Insider threats, Heuristic search strategy, One-class support vector machine

Abstract: Because changes in business processes and information infrastructure cause deviations in the current role definitions, organizations are vulnerable to insider threats. A role dynamic adjustment algorithm is proposed based on the defensive idea of changing the set of roles within the organization regularly and reasonably. The algorithm defines an objective function with adjusting parameters to balance two elements: the actual usage data of user privileges and the expert knowledge of the system administrator. Based on a heuristic search strategy and a subset pairing technique, a group of candidate roles is obtained. From these roles, a set of adjusting roles that achieve a predefined score is obtained by using a heuristic function. Finally, in order to reduce role redundancy, the users of the organization are reassigned roles from the adjusting roles, yielding a new Role-Based Access Control (RBAC) configuration. The performance of RDA is analyzed using the audit logs from a hospital management system. The experimental results show that the proposed algorithm can efficiently adjust the RBAC configuration of the target organization, and so it can provide a solid foundation for resisting insider threats.

Key words: Dynamic adjustment, Heuristic search strategy, Insider threats, One-class support vector machine, Role-based access control

CLC Number:

  • TP191