Computer Science ›› 2017, Vol. 44 ›› Issue (11): 134-145. doi: 10.11896/j.issn.1002-137X.2017.11.021

• NASAC 2016 (2016 National Software Application Conference) •

Mobile Application Security Policies and Testing Methods Based on XACML

CAO Wan-tian, YU Peng-fei

  1. Institute of Information and Communication, Global Energy Interconnection Research Institute, Nanjing 210003; State Grid Key Laboratory of Information and Network Security, Nanjing 210003
  • Online: 2018-12-01 Published: 2018-12-01
  • Funding:
    Supported by the project Research on Application Testing Technology for Power Mobile Terminals (5455HT150029).

Mobile Application Security Policies and Testing Research on XACML

CAO Wan-tian and YU Peng-fei   

  • Online:2018-12-01 Published:2018-12-01

Abstract (translated from the Chinese): With the development of mobile Internet technology, large numbers of mobile terminals with computing capability have been deployed and carry out a wide range of tasks with the support of numerous mobile applications; more and more enterprises allow employees to bring their personal devices into the work environment (the BYOD model). But different personnel hold different roles, different resources carry different access permissions, and a leak of sensitive resources may cause major losses to the enterprise. Therefore, to support BYOD fully while protecting data and systems, the access control that a mobile application applies to sensitive resources must be specified explicitly and enforced while the application runs. XACML is a unified language for describing access control policies, but no support for mobile applications or BYOD has yet been seen. This paper proposes describing the access control policies of mobile applications in XACML and studies a method for testing XACML access control policies; on this basis, a BYOD-oriented case study is carried out on a project management app for the Android platform, and the results demonstrate the effectiveness of the proposed method.

Keywords (translated): BYOD, Security, Access control, XACML, Policy

Abstract: With the development of mobile Internet technology, mobile terminals with the ability to compute are deployed in great quantities and complete various tasks with the support of a large number of mobile applications. More and more companies allow employees to bring their own devices into the work environment, a practice known as BYOD (Bring Your Own Device). But different people have different roles, and different resources have different access permissions; a leak of sensitive resources will lead to significant losses for the enterprise. To support BYOD fully, the security of data and systems must be ensured: the access control rules that govern access to sensitive resources from the corresponding mobile applications need to be defined clearly and enforced while the mobile applications run. XACML is a unified description language for access control policies, but until now there has been no support for mobile applications and BYOD. In this paper, we propose describing the access control policies of mobile applications in XACML and study a method for testing such XACML policies. We conducted a case study with a project management app for BYOD on the Android platform, and the results show the validity of our method.

Key words: BYOD,Security,Access control,XACML,Policy
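As an added example (not code from the paper or its authors), the following Python block writes a BYOD access-control policy for a project-management app in XACML 3.0, evaluates requests against it with a small evaluator that covers only a subset of XACML (Target matching with string-equal and the deny-overrides rule-combining algorithm; it is not a conformant PDP such as Balana), and runs a policy test table of the kind the abstract describes. The environment attribute `device:managed`, the role and resource names and the test requests are assumptions constructed for the example; the category, attribute and function identifiers are the standard XACML ones.

```python
"""Added example, not from the paper: a BYOD policy for a project-management app in XACML 3.0,
a subset evaluator (string-equal Target matching, deny-overrides; not a conformant PDP) and a
policy test table. The environment attribute "device:managed" is an assumption."""
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
CAT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
CAT_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
CAT_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
CAT_ENV = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
DEVICE_MANAGED = "device:managed"  # assumed: set by the MDM agent, "true" only for enrolled devices
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
INDET = "Indeterminate"

def _match(category, attribute_id, value):
    """One <Match>: string-equal between a literal and a request attribute."""
    return (f'<Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STRING}">{value}'
            f'</AttributeValue><AttributeDesignator Category="{category}" '
            f'AttributeId="{attribute_id}" DataType="{STRING}" MustBePresent="true"/></Match>')

# Constructed policy: deny everything from an unmanaged device; on a managed one a project manager may read the budget.
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="byod-project-app" Version="1.0"
        RuleCombiningAlgId="{DENY_OVERRIDES}">
  <Target/>
  <Rule RuleId="deny-unmanaged-device" Effect="Deny">
    <Target><AnyOf><AllOf>{_match(CAT_ENV, DEVICE_MANAGED, 'false')}</AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="manager-reads-budget" Effect="Permit">
    <Target><AnyOf><AllOf>
      {_match(CAT_SUBJECT, ROLE, 'project-manager')}
      {_match(CAT_RESOURCE, RESOURCE_ID, 'project-budget')}
      {_match(CAT_ACTION, ACTION_ID, 'read')}
    </AllOf></AnyOf></Target>
  </Rule>
</Policy>"""

def _combine(values, dominant):
    """XACML three-valued logic over True/False/Indeterminate: AND when dominant=False, OR when dominant=True."""
    if dominant in values:
        return dominant
    return INDET if INDET in values else (not dominant)

def _eval_match(match, request):
    literal = match.find("x:AttributeValue", NS).text
    des = match.find("x:AttributeDesignator", NS)
    bag = request.get((des.get("Category"), des.get("AttributeId")), set())
    if not bag:  # missing attribute: an error when MustBePresent, otherwise simply no match
        return INDET if des.get("MustBePresent") == "true" else False
    return literal in bag

def _eval_target(target, request):
    any_ofs = target.findall("x:AnyOf", NS)
    if not any_ofs:  # an empty <Target/> applies to every request
        return True
    return _combine([_combine([_combine([_eval_match(m, request) for m in a.findall("x:Match", NS)], dominant=False)
                               for a in any_of.findall("x:AllOf", NS)], dominant=True)
                     for any_of in any_ofs], dominant=False)

def _decision(applicable, effect):
    return effect if applicable is True else "NotApplicable" if applicable is False else INDET

def evaluate(policy_xml, request):
    """Decide one request under deny-overrides: Permit, Deny, NotApplicable or Indeterminate."""
    policy = ET.fromstring(policy_xml)
    applicable = _eval_target(policy.find("x:Target", NS), request)
    if applicable is not True:
        return _decision(applicable, None)
    decisions = [_decision(_eval_target(r.find("x:Target", NS), request), r.get("Effect"))
                 for r in policy.findall("x:Rule", NS)]
    for outcome in ("Deny", INDET, "Permit"):  # deny-overrides: Deny beats Indeterminate beats Permit
        if outcome in decisions:
            return outcome
    return "NotApplicable"

def request(role, resource, action, managed):
    """Build a request context; managed=None leaves the device attribute out entirely."""
    ctx = {(CAT_SUBJECT, ROLE): {role}, (CAT_RESOURCE, RESOURCE_ID): {resource},
           (CAT_ACTION, ACTION_ID): {action}}
    if managed is not None:
        ctx[(CAT_ENV, DEVICE_MANAGED)] = {managed}
    return ctx

# Constructed test table: (name, request, expected). The PEP must treat NotApplicable and Indeterminate as deny.
TEST_CASES = [
    ("manager reads budget from managed device", request("project-manager", "project-budget", "read", "true"), "Permit"),
    ("same request from unmanaged device", request("project-manager", "project-budget", "read", "false"), "Deny"),
    ("developer may not read the budget", request("developer", "project-budget", "read", "true"), "NotApplicable"),
    ("manager may not write the budget", request("project-manager", "project-budget", "write", "true"), "NotApplicable"),
    ("missing device attribute is an error, not a permit", request("project-manager", "project-budget", "read", None), INDET),
]

def run_policy_tests(policy_xml, cases):
    """Return (name, expected, actual) for every failing case; an empty list means the policy passed."""
    results = [(name, expected, evaluate(policy_xml, ctx)) for name, ctx, expected in cases]
    return [r for r in results if r[1] != r[2]]
```

The last test case is the one a policy tester most easily forgets: when the device attribute is absent, `MustBePresent="true"` turns the Deny rule into Indeterminate, and under deny-overrides the whole decision becomes Indeterminate rather than Permit. The PEP inside the app must therefore treat both Indeterminate and NotApplicable as deny, and a test table that only checks Permit and Deny would not catch a policy that silently falls through to NotApplicable for a role it was meant to cover.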

