Computer Science, 2020, Vol. 47, Issue (5): 313-318. doi: 10.11896/jsjkx.190800051
• Information Security •
潘恒1, 李景峰2, 马君虎3
PAN Heng1, LI Jing feng2, MA Jun hu3
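Abstract: Changes in business processes, information infrastructure and the like can cause the current role definitions to drift, leaving an organization exposed to insider threats. Based on the defensive idea of changing the organization's internal role set periodically and in a reasoned way, this paper proposes a role dynamic adjusting algorithm (Role Dynamic Adjusting, RDA). The algorithm defines an objective function with an adjustment parameter, so that users' actual permission-usage data and the expert knowledge of system administrators are both taken into account in a balanced way. It obtains a set of candidate roles using a heuristic search strategy and subset pairing operations. It then computes a score for each role with a heuristic function and filters the candidate role set by score, yielding an adjusted role set that meets the role-quality requirements. Finally, with the goal of reducing role redundancy, it uses the adjusted role set to reassign roles to system users, producing a new system role configuration. Experimental results based on the logs of a hospital management system show that the RDA algorithm can effectively adjust the role set of the target organization's system, laying a good foundation for resisting insider threats.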