本文選題：信息安全 + 訪問控制��； 參考：《重慶大學(xué)》2014年碩士論文

【摘要】：信息技術(shù)的迅速發(fā)展和廣泛應(yīng)用，極大地推動了人類文明的進(jìn)步。人們在享受信息資源所帶來的巨大便利同時，也面臨著信息安全的嚴(yán)峻考驗(yàn)。信息在介質(zhì)中存儲和傳輸，難免會遭到非法的使用、篡改、泄露和破壞，，導(dǎo)致嚴(yán)重的信息安全事故。為了滿足信息安全的需要人們發(fā)展起來了多種信息安全技術(shù)手段，訪問控制和安全審計(jì)就是解決這些安全事故的重要技術(shù)手段之一。隨著網(wǎng)絡(luò)信息技術(shù)的發(fā)展，信息系統(tǒng)自身的脆弱性日益呈現(xiàn)出來，信息安全技術(shù)的缺陷也在應(yīng)用中日益明顯。單一的安全手段已經(jīng)難以解決不斷出現(xiàn)的信息安全問題，只有結(jié)合多種安全技術(shù)手段實(shí)施更安全更實(shí)際的安全方案，才能不斷滿足日益嚴(yán)峻的信息安全問題。 以往的信息系統(tǒng)安全模型中，訪問控制機(jī)制和安全審計(jì)功能都是以單獨(dú)的模塊來實(shí)現(xiàn)，兩模塊之間關(guān)系緊密但又工作透明，難以實(shí)現(xiàn)對訪問控制內(nèi)部的用戶權(quán)限審計(jì)。在訪問控制模型中，由于訪問權(quán)限的委托在實(shí)際應(yīng)用中有職能備份、權(quán)利下放、工作協(xié)同的特點(diǎn)，是訪問控制模型應(yīng)用研究的熱點(diǎn)和難點(diǎn)。但是由于與安全審計(jì)功能之間的聯(lián)系相對較少，沒有考慮對委托后的安全審計(jì)，缺少對委托權(quán)限的全方位動態(tài)管理。因此，本文主要從以下幾個方面對問題進(jìn)行研究： 1.深入研究信息安全模型的相關(guān)理論及其各個組件的安全機(jī)制，分析訪問控制的主要特性、模型特點(diǎn)，總結(jié)不同的訪問控制方式的優(yōu)缺點(diǎn)，并結(jié)合安全審計(jì)概念及特性，歸納出基于角色的訪問控制模型與安全審計(jì)的關(guān)聯(lián)。 2.根據(jù)訪問控制和安全審計(jì)的分析，從訪問權(quán)限委托的概念和特性出發(fā)，主要就委托的深廣度、細(xì)粒度和授權(quán)方式等方面進(jìn)行分析，列舉傳統(tǒng)訪問控制領(lǐng)域內(nèi)的委托授權(quán)解決方案，對比各種基于角色的委托模型，提出委托在安全審計(jì)方面的不足以及實(shí)施審計(jì)方案的參考模型。 3.將安全審計(jì)功能加入到委托模型中，提出一種具有安全審計(jì)功能的基于角色的訪問控制委托模型，給出模型形式化的定義，并對模型中安全審計(jì)功能進(jìn)行詳細(xì)描述。 4.通過在案例系統(tǒng)中的應(yīng)用，結(jié)合模型進(jìn)行實(shí)踐，利用安全審計(jì)功能實(shí)現(xiàn)不同場景下委托授權(quán)的解決方案。
[Abstract]:The rapid development and wide application of information technology have greatly promoted the progress of human civilization. At the same time, people are faced with the severe test of information security. Information stored and transmitted in media will inevitably be illegally used, tampered with, leaked and destroyed, resulting in serious information security accidents. In order to meet the needs of information security, a variety of information security techniques have been developed. Access control and security audit are one of the important technical means to solve these security accidents. With the development of network information technology, the vulnerability of information system becomes more and more obvious, and the defect of information security technology is becoming more and more obvious in application. It is difficult to solve the problem of information security by a single security means. Only by combining various security techniques to implement a more secure and practical security scheme can we continuously meet the increasingly serious information security problems. In the previous information system security model, the access control mechanism and the security audit function are realized by a single module. The relationship between the two modules is close but the work is transparent, so it is difficult to audit the user rights inside the access control. In the access control model, the delegation of access authority has the characteristics of functional backup, decentralization of power and cooperation of work in practical applications, so it is a hot and difficult point in the application of access control model. However, because of the relatively few links with the security audit function, the security audit after the delegation is not considered, and the omnidirectional dynamic management of the delegation authority is lacking. Therefore, this article mainly carries on the research from the following several aspects: 1. The related theories of information security model and the security mechanism of each component are deeply studied. The main characteristics of access control and the characteristics of the model are analyzed. The advantages and disadvantages of different access control methods are summarized, and the concept and characteristics of security audit are combined. The relationship between role-based access control model and security audit is summarized. 2. According to the analysis of access control and security audit, from the concept and characteristics of delegation of access authority, it mainly analyzes the depth and breadth of delegation, fine granularity and authorization method, etc. This paper lists the traditional delegation authorization solutions in the field of access control, compares various role-based delegation models, and puts forward the shortcomings of delegation in security audit and the reference model for implementing audit schemes. 3. The security audit function is added to the delegation model, and a role-based access control delegation model with security audit function is proposed, the formal definition of the model is given, and the security audit function in the model is described in detail. 4. Through the application in the case system, combined with the practice of the model, the security audit function is used to realize the solution of delegation authorization under different scenarios.
【學(xué)位授予單位】：重慶大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 傅鸝;段鵬松;胡海波;;一種可審計(jì)的角色訪問控制模型[J];重慶工學(xué)院學(xué)報(自然科學(xué)版);2008年01期

2 劉懷宇,李偉琴;淺談訪問控制技術(shù)[J];電子展望與決策;1999年01期

3 劉海峰 ,卿斯?jié)h ,劉文清;安全操作系統(tǒng)審計(jì)的設(shè)計(jì)與實(shí)現(xiàn)[J];計(jì)算機(jī)研究與發(fā)展;2001年10期

4 趙慶松 ,孫玉芳 ,孫波;RPRDM:基于重復(fù)和部分角色的轉(zhuǎn)授權(quán)模型[J];計(jì)算機(jī)研究與發(fā)展;2003年02期

5 葉春曉;吳中福;符云清;鐘將;馮永;;基于屬性的擴(kuò)展委托模型[J];計(jì)算機(jī)研究與發(fā)展;2006年06期

6 歐愛輝,須文波;加強(qiáng)Linux安全性的審計(jì)子系統(tǒng)的設(shè)計(jì)[J];江南大學(xué)學(xué)報;2003年01期

7 葉春曉;韓永征;胡海波;;“Chinese Wall”安全策略中的委托研究[J];計(jì)算機(jī)工程與應(yīng)用;2011年29期

8 王小明;趙宗濤;馮德民;;一種動態(tài)角色委托代理授權(quán)模型[J];計(jì)算機(jī)科學(xué);2002年02期

9 翟征德;;基于量化角色的可控委托模型[J];計(jì)算機(jī)學(xué)報;2006年08期

10 李黎,王小明,張黎明;ARDM——基于代理的角色代理模型[J];計(jì)算機(jī)應(yīng)用研究;2005年11期

本文編號：2055582