本文選題：信息安全 + 訪問控制�。� 參考：《重慶大學》2014年碩士論文

【摘要】：信息技術的迅速發(fā)展和廣泛應用，極大地推動了人類文明的進步。人們在享受信息資源所帶來的巨大便利同時，也面臨著信息安全的嚴峻考驗。信息在介質(zhì)中存儲和傳輸，難免會遭到非法的使用、篡改、泄露和破壞，，導致嚴重的信息安全事故。為了滿足信息安全的需要人們發(fā)展起來了多種信息安全技術手段，訪問控制和安全審計就是解決這些安全事故的重要技術手段之一。隨著網(wǎng)絡信息技術的發(fā)展，信息系統(tǒng)自身的脆弱性日益呈現(xiàn)出來，信息安全技術的缺陷也在應用中日益明顯。單一的安全手段已經(jīng)難以解決不斷出現(xiàn)的信息安全問題，只有結合多種安全技術手段實施更安全更實際的安全方案，才能不斷滿足日益嚴峻的信息安全問題。 以往的信息系統(tǒng)安全模型中，訪問控制機制和安全審計功能都是以單獨的模塊來實現(xiàn)，兩模塊之間關系緊密但又工作透明，難以實現(xiàn)對訪問控制內(nèi)部的用戶權限審計。在訪問控制模型中，由于訪問權限的委托在實際應用中有職能備份、權利下放、工作協(xié)同的特點，是訪問控制模型應用研究的熱點和難點。但是由于與安全審計功能之間的聯(lián)系相對較少，沒有考慮對委托后的安全審計，缺少對委托權限的全方位動態(tài)管理。因此，本文主要從以下幾個方面對問題進行研究： 1.深入研究信息安全模型的相關理論及其各個組件的安全機制，分析訪問控制的主要特性、模型特點，總結不同的訪問控制方式的優(yōu)缺點，并結合安全審計概念及特性，歸納出基于角色的訪問控制模型與安全審計的關聯(lián)。 2.根據(jù)訪問控制和安全審計的分析，從訪問權限委托的概念和特性出發(fā)，主要就委托的深廣度、細粒度和授權方式等方面進行分析，列舉傳統(tǒng)訪問控制領域內(nèi)的委托授權解決方案，對比各種基于角色的委托模型，提出委托在安全審計方面的不足以及實施審計方案的參考模型。 3.將安全審計功能加入到委托模型中，提出一種具有安全審計功能的基于角色的訪問控制委托模型，給出模型形式化的定義，并對模型中安全審計功能進行詳細描述。 4.通過在案例系統(tǒng)中的應用，結合模型進行實踐，利用安全審計功能實現(xiàn)不同場景下委托授權的解決方案。
[Abstract]:The rapid development and wide application of information technology have greatly promoted the progress of human civilization. At the same time, people are faced with the severe test of information security. Information stored and transmitted in media will inevitably be illegally used, tampered with, leaked and destroyed, resulting in serious information security accidents. In order to meet the needs of information security, a variety of information security techniques have been developed. Access control and security audit are one of the important technical means to solve these security accidents. With the development of network information technology, the vulnerability of information system becomes more and more obvious, and the defect of information security technology is becoming more and more obvious in application. It is difficult to solve the problem of information security by a single security means. Only by combining various security techniques to implement a more secure and practical security scheme can we continuously meet the increasingly serious information security problems. In the previous information system security model, the access control mechanism and the security audit function are realized by a single module. The relationship between the two modules is close but the work is transparent, so it is difficult to audit the user rights inside the access control. In the access control model, the delegation of access authority has the characteristics of functional backup, decentralization of power and cooperation of work in practical applications, so it is a hot and difficult point in the application of access control model. However, because of the relatively few links with the security audit function, the security audit after the delegation is not considered, and the omnidirectional dynamic management of the delegation authority is lacking. Therefore, this article mainly carries on the research from the following several aspects: 1. The related theories of information security model and the security mechanism of each component are deeply studied. The main characteristics of access control and the characteristics of the model are analyzed. The advantages and disadvantages of different access control methods are summarized, and the concept and characteristics of security audit are combined. The relationship between role-based access control model and security audit is summarized. 2. According to the analysis of access control and security audit, from the concept and characteristics of delegation of access authority, it mainly analyzes the depth and breadth of delegation, fine granularity and authorization method, etc. This paper lists the traditional delegation authorization solutions in the field of access control, compares various role-based delegation models, and puts forward the shortcomings of delegation in security audit and the reference model for implementing audit schemes. 3. The security audit function is added to the delegation model, and a role-based access control delegation model with security audit function is proposed, the formal definition of the model is given, and the security audit function in the model is described in detail. 4. Through the application in the case system, combined with the practice of the model, the security audit function is used to realize the solution of delegation authorization under different scenarios.
【學位授予單位】：重慶大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前10條

1 傅鸝;段鵬松;胡海波;;一種可審計的角色訪問控制模型[J];重慶工學院學報(自然科學版);2008年01期

2 劉懷宇,李偉琴;淺談訪問控制技術[J];電子展望與決策;1999年01期

3 劉海峰 ,卿斯?jié)h ,劉文清;安全操作系統(tǒng)審計的設計與實現(xiàn)[J];計算機研究與發(fā)展;2001年10期

4 趙慶松 ,孫玉芳 ,孫波;RPRDM:基于重復和部分角色的轉(zhuǎn)授權模型[J];計算機研究與發(fā)展;2003年02期

5 葉春曉;吳中福;符云清;鐘將;馮永;;基于屬性的擴展委托模型[J];計算機研究與發(fā)展;2006年06期

6 歐愛輝,須文波;加強Linux安全性的審計子系統(tǒng)的設計[J];江南大學學報;2003年01期

7 葉春曉;韓永征;胡海波;;“Chinese Wall”安全策略中的委托研究[J];計算機工程與應用;2011年29期

8 王小明;趙宗濤;馮德民;;一種動態(tài)角色委托代理授權模型[J];計算機科學;2002年02期

9 翟征德;;基于量化角色的可控委托模型[J];計算機學報;2006年08期

10 李黎,王小明,張黎明;ARDM——基于代理的角色代理模型[J];計算機應用研究;2005年11期

本文編號：2055582