Computer Science (计算机科学), 2017, Vol. 44, Issue (11): 134-145. doi: 10.11896/j.issn.1002-137X.2017.11.021
曹宛恬,于鹏飞
CAO Wan-tian and YU Peng-fei
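Abstract: With the development of mobile Internet technology, mobile terminals with computing capability have been deployed in large numbers and carry out all kinds of tasks with the support of a large number of mobile applications; more and more enterprises allow employees to bring their personal devices into the work environment (the BYOD model). However, different personnel have different roles and different resources have different access permissions, and once sensitive resources are leaked, the enterprise may suffer heavy losses. Therefore, to fully support BYOD and safeguard the security of data and systems, the access control that the corresponding mobile applications apply to sensitive resources must be explicitly specified and enforced while the applications run. XACML is a unified description language for access control policies, but support in it for mobile applications and BYOD has not yet been seen. This paper proposes describing the access control policies of mobile applications in the XACML language and studies testing methods for XACML access control policies; on this basis, targeting BYOD, a case study is carried out on a project management app on the Android platform, and the results demonstrate the effectiveness of the proposed method.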