计算机科学 ›› 2015, Vol. 42 ›› Issue (4): 123-126.doi: 10.11896/j.issn.1002-137X.2015.04.024
阿不都艾尼·阿不都西库尔,开依沙尔·热合曼,努尔买买提·黑力力
Abdugheni ABDUXUKUR, Kaysar RAHMAN and Nurmamat HELIL
摘要: 约束是访问控制中的重要因素,它通过限制客体的敏感组合集中于相似主体来达到防止商业欺骗或错误的目的。但是传统访问控制约束缺乏灵活性。为了提高约束的灵活性,首先分析访问控制中的主体与客体各自内部之间潜在的关系以及它们相互之间的关系,并提出相似主体组的概念,在此基础上提出修正的访问控制约束。其次进行主体访问客体的实验,结果表明提出的约束是可行和灵活的。修正的约束除了具有传统访问控制约束的功能外,还能有效防止相似主体共谋攻击系统。
[1] Crampton J.Specifying and enforcing constraints in role-basedaccess control[C]∥Proceedings of the eighth ACM symposium on Access control models and technologies.ACM,2003:43-50 [2] Brewer D F C,Nash M J.The chinese wall security policy[C]∥Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy.1989:215-228 [3] Ma X P,Li R X,Lu Z D,et al.Mining constraints in role-based access control[J].Mathematical and Computer Modelling,2012,55(1):87-96 [4] Ahn G J,Sandhu R.Role-based authorization constraints specification[J].ACM Transactions on Information and System Securi-ty (TISSEC),2000,3(4):207-226 [5] Sandhu R S,Coynek E J,Feinsteink H L,et al.Role-Based Access Control Models[J].IEEE computer,1996,29(2):38-47 [6] INCITS A.INCITS 359-2004,American national standard forinformation technology,role based access control[S].NewYork:ANSI INCITS,2004 [7] Helil N,Kim M,Han S.Trust and Risk based Access Controland Access Control Constraints[J].KSII Transactions on Internet & Information Systems,2011,5(11):2254-2271 [8] Sharifi A,Tripunitara M V.Least-restrictive enforcement of the Chinese wall security policy[C]∥Proceedings of the 18th ACM Ssymposium on Access Control Models and Technologies.ACM,2013:61-72 [9] Bijon K Z,Krishman R,Sandhu R.Constraints Specication inAttribute Based Access Control[J].Science,2013,2(3):131-144 [10] Tsai T H,Chen Y C,Huang H C,et al.A practical chinese wall security model in cloud computing[C]∥2011 13th Asia-Pacific Network Operations and Management Symposium (APNOMS).IEEE,2011:1-4 [11] 何永忠,李晓峰,冯登国.RBAC 实施中国墙策略及其变种的研究[J].计算机研究与发展,2007,44(4):615-622 [12] 张毅辉,梁久祯.侵略型中国墙安全模型的 RBAC 配置的扩展研究[J].计算机工程与应用,2010,46(29):114-116 [13] Priebe T,Fernandez E B,Mehlau J I,et al.A pattern system for access control[M]∥Research Directions in Data and Applications Security XVIII.Springer US,2004:235-249 [14] Baracaldo N,Joshi J.A trust-and-risk aware rbac framework:tackling insider threat[C]∥Proceedings of the 17th ACM symposium on Access Control Models and Technologies.ACM,2012:167-176 [15] Chari S,Lobo J,Molloy I.Practical risk aggregation in rbacmodels[C]∥Proceedings of the 17th ACM symposium on Access Control Models and Technologies.ACM,2012:117-118 [16] Palla G,Derényi I,Farkas I,et al.Uncovering the overlapping community structure of complex networks in nature and society[J].Nature,2005,435(7043):814-818 [17] Farkas I,ábel D,Palla G,et al.Weighted network modules[J].New Journal of Physics,2007,9(6):180 |
No related articles found! |
|