Improvement and Application of the RBAC Access Control Method
Published: 2018-05-29 22:30
Topic: role-based access control + logical security group. Source: Qufu Normal University, 2015 master's thesis
[Abstract]: Access control technology has been explored for a long time, and access control models of every kind have followed one another. As Internet, electronic, wireless-network and distributed-network technologies mature, a new wave of technologies such as the Internet of Things and cloud computing is sweeping in, forming today's vast and heterogeneous generalized web-service network environment. The faster network systems develop, the more threats they face. Application systems living in such a huge network environment are unavoidably vulnerable, and how to guarantee the security of information systems has long been a matter of concern. The ideas and methods of access control are widely applied across network information systems because of their strong protective capability, and access control models suited to particular network environments have appeared for each of them. However, a single access control model on its own is no longer adequate for today's open, large-scale web-service network environment; in particular, the rise of distributed, mobile and cloud computing places higher demands on research into fine-grained, comprehensively constrained, multi-level secure access control models. To build an access control model with more comprehensive constraint capability and multi-level security, this thesis combines RBAC with ABAC and temporal access models to improve and extend the traditional role-based access control model, takes time-attribute constraints fully into account, and proposes a new role-based access control model. When applied to today's complex large systems, the role-based access control model has several shortcomings: the authorization mechanism is not flexible enough, there is only a single authorization mode, roles are partitioned too coarsely, roles lack flexibility, and time-sensitive applications are not supported. This thesis improves it in the following respects: 1. Time-attribute constraints are added to the user, role, session and permission elements of the role-based access control model, giving an access control model suited to time-sensitive application systems. 2. Security classification levels are adopted to manage users, roles, permissions and files hierarchically; users, roles and files are mapped to one another level by level, building a multi-level security system partitioned by classification level and addressing the coarse granularity of role partitioning. 3. Hierarchical, discretionary and group authorization are combined, and the concept of an authorization template is proposed, to eliminate repeated authorization, back up the authorization mechanism and simplify the authorization workflow, so raising authorization efficiency. 4. The concept of a logical security group is proposed to extend the role concept; a logical security group can be created temporarily and disbanded once its task is complete, which solves the temporary-authorization problem and improves the flexibility of roles. Finally, the thesis describes the application of the proposed model in a document security protection system. In addition, since conflicts between authorization policies are unavoidable in an access control model, a conflict resolution method suited to the improved model is given.
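As an added illustration (example code, not code from the thesis), the following Python sketch models three of the improvements listed in the abstract: time windows on roles and on user-role assignments (improvement 1), clearance and classification levels for users and files (improvement 2), and a task-scoped logical security group that can be disbanded before its planned end (improvement 4). The level names, users, files, role names and the sample timestamps are constructed, and the deny-overrides rule used when an explicit prohibition conflicts with a role grant is an assumption of this example; the page does not describe the thesis's own conflict resolution method or its authorization templates, so neither is claimed here.

```python
from dataclasses import dataclass
from datetime import datetime

# Classification levels, least to most sensitive (constructed ordering, not the thesis's).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def within(start, end, at):
    """True when `at` falls inside the optional half-open window [start, end)."""
    return (start is None or start <= at) and (end is None or at < end)


@dataclass
class Role:
    name: str
    level: str                  # highest classification the role may handle
    perms: set                  # {(action, resource), ...}; resource "*" is a wildcard
    start: datetime = None      # validity window of the role itself (None = unbounded)
    end: datetime = None
    is_group: bool = False      # True for a task-scoped logical security group


@dataclass
class Assignment:
    user: str
    role: str
    start: datetime = None      # validity window of this user-role assignment
    end: datetime = None


class TemporalRBAC:
    """Hypothetical checker combining temporal constraints with clearance levels."""

    def __init__(self):
        self.user_level = {}    # user -> clearance level
        self.file_level = {}    # resource -> classification level
        self.roles = {}
        self.assignments = []
        self.denies = set()     # explicit (user, action, resource) prohibitions

    def add_role(self, name, level, perms, start=None, end=None, is_group=False):
        self.roles[name] = Role(name, level, set(perms), start, end, is_group)

    def assign(self, user, role, start=None, end=None):
        self.assignments.append(Assignment(user, role, start, end))

    def create_group(self, name, level, perms, members, start, end):
        """Logical security group: a temporary role plus time-boxed memberships."""
        self.add_role(name, level, perms, start, end, is_group=True)
        for member in members:
            self.assign(member, name, start, end)

    def disband_group(self, name, at):
        """End the group and every membership in it at `at`, even before the planned end."""
        self.roles[name].end = at
        for a in self.assignments:
            if a.role == name:
                a.end = at

    def check(self, user, action, resource, at):
        """Return (allowed, reason). Deny-overrides is the assumed conflict rule."""
        if (user, action, resource) in self.denies:
            return False, "explicit deny overrides any role grant"
        clearance = LEVELS[self.user_level.get(user, "public")]
        classification = LEVELS[self.file_level.get(resource, "public")]
        if clearance < classification:
            return False, "user clearance below resource classification"
        for a in self.assignments:
            if a.user != user or not within(a.start, a.end, at):
                continue                      # assignment not active at this time
            role = self.roles[a.role]
            if not within(role.start, role.end, at):
                continue                      # role itself not active at this time
            if LEVELS[role.level] < classification:
                continue                      # role not cleared for this resource
            if (action, resource) in role.perms or (action, "*") in role.perms:
                return True, f"granted via role {role.name}"
        return False, "no active role grants this permission"


def build_demo():
    """Constructed sample: an office-hours role and a temporary audit group."""
    m = TemporalRBAC()
    m.user_level.update({"alice": "confidential", "bob": "internal", "carol": "confidential"})
    m.file_level.update({"plan.docx": "confidential", "memo.txt": "internal"})
    day = datetime(2024, 1, 15)
    m.add_role("editor", "confidential",
               {("read", "plan.docx"), ("write", "plan.docx"), ("read", "memo.txt")},
               start=day.replace(hour=8), end=day.replace(hour=18))   # 08:00-18:00 only
    m.assign("alice", "editor")
    m.assign("bob", "editor")           # bob's clearance still blocks plan.docx
    m.create_group("audit-2024", "confidential", {("read", "plan.docx")},
                   ["carol"], start=day.replace(hour=9), end=day.replace(hour=17))
    m.denies.add(("alice", "write", "plan.docx"))   # explicit prohibition
    return m, day


if __name__ == "__main__":
    model, day = build_demo()
    for who, what, res, hour in [("alice", "read", "plan.docx", 10), ("alice", "read", "plan.docx", 20),
                                 ("bob", "read", "plan.docx", 10), ("carol", "read", "plan.docx", 10)]:
        print(who, what, res, f"{hour:02d}:00", model.check(who, what, res, day.replace(hour=hour)))
```

The check order matters for the reason strings: the explicit deny and the clearance comparison are evaluated before any role is consulted, so a user can never obtain access to a resource above their clearance by being placed in a group whose level is higher than their own.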
Degree-granting institution: Qufu Normal University
Degree level: Master's
Year degree granted: 2015
Classification number: TP393.08
Article number: 1952713
Article link: http://sikaile.net/guanlilunwen/ydhl/1952713.html