本文關(guān)鍵詞： 基于角色的訪問(wèn)控制 權(quán)限 模型檢測(cè) 管理 時(shí)態(tài) 安全性分析　出處：《江蘇大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：計(jì)算機(jī)技術(shù)的快速發(fā)展和網(wǎng)絡(luò)的普遍應(yīng)用,人們?cè)絹?lái)越重視信息系統(tǒng)安全問(wèn)題。如何保障授權(quán)用戶能夠獲取所需的資源,如何保證網(wǎng)絡(luò)資源不被非法使用和非法訪問(wèn)等成為人們亟需解決的重要問(wèn)題。訪問(wèn)控制是解決這些問(wèn)題的有效手段,它是一種重要的信息安全技術(shù)。本文首先研究了基于角色的訪問(wèn)控制管理模型,并在此基礎(chǔ)上結(jié)合時(shí)態(tài)信息領(lǐng)域的相關(guān)研究,提出了基于時(shí)態(tài)的ARBAC模型解決權(quán)限及時(shí)撤回分配問(wèn)題,實(shí)現(xiàn)可信的授權(quán)用戶在正確的時(shí)間表內(nèi)擁有正確的訪問(wèn)權(quán)限這一目的。然后利用分解組合的思想對(duì)提出的模型進(jìn)行安全性分析,使用基于抽象精化的模型檢測(cè)技術(shù)驗(yàn)證系統(tǒng)的安全策略,本文的具體研究?jī)?nèi)容如下:(1)本文為了解決基于角色訪問(wèn)控制模型中的管理授權(quán)問(wèn)題,提出了基于時(shí)態(tài)的ARBAC模型。首先,針對(duì)傳統(tǒng)的基于角色的訪問(wèn)控制模型中的權(quán)限集進(jìn)行劃分,使得與權(quán)限有關(guān)的權(quán)限角色分配上變得清晰,降低授權(quán)難度。其次,將時(shí)間約束嵌入到角色本身、用戶-角色分配(UA)和權(quán)限-角色分配(PA)中,并對(duì)模型進(jìn)行了形式化描述,時(shí)間約束的嵌入,有效地解決了權(quán)限回收問(wèn)題,減輕系統(tǒng)管理員的工作量。最后,將提出管理轄域的概念用于基于角色的訪問(wèn)控制模型中,提出基于時(shí)態(tài)的ARBAC模型,有效地管理該模型。與已有模型對(duì)比顯示本文提出的訪問(wèn)控制管理模型性能更優(yōu),靈活性較強(qiáng)。(2)本文為了分析基于時(shí)態(tài)的ARBAC模型的安全性,提出了三階段分解組合策略的安全性分析方法。首先,以管理員可以修改的時(shí)態(tài)關(guān)系,即時(shí)態(tài)的用戶-角色分配關(guān)系、時(shí)態(tài)的角色狀態(tài)關(guān)系、時(shí)態(tài)的權(quán)限-角色分配關(guān)系為基礎(chǔ)把安全問(wèn)題分解成三部分。其次,將第一階段得到的子問(wèn)題根據(jù)時(shí)間維度進(jìn)一步分解成更小的子問(wèn)題。針對(duì)不同的安全性問(wèn)題,在每個(gè)時(shí)間域內(nèi)采用基于抽象精化的模型檢測(cè)方法驗(yàn)證策略的安全性,從而對(duì)子問(wèn)題進(jìn)行安全性分析。最后,結(jié)合每個(gè)分解問(wèn)題獲得的結(jié)果提供完整的分析,將分析結(jié)果組合解釋問(wèn)題。實(shí)驗(yàn)顯示本文提出的安全性分析方法能夠較好地實(shí)現(xiàn)安全策略表達(dá)和安全策略驗(yàn)證。
[Abstract]:With the rapid development of computer technology and the widespread application of network, people pay more and more attention to the security of information system. How to ensure that network resources are not illegally used and illegally accessed has become an important problem that people urgently need to solve. Access control is an effective means to solve these problems. It is an important information security technology. Firstly, this paper studies the role-based access control management model, and then combines the relevant research in the field of temporal information. In this paper, a temporal ARBAC model is proposed to solve the problem of timely revocation of permissions. The trusted authorized user has the correct access rights within the correct schedule. Then the security analysis of the proposed model is carried out by using the idea of decomposition and combination. In order to solve the problem of management authorization in the role-based access control model, the specific research contents of this paper are as follows: (1) in order to solve the problem of management authorization in the role-based access control model, the security policy of the system is verified by the model checking technology based on abstract refinement. A temporal based ARBAC model is proposed. Firstly, the privilege set in the traditional role-based access control model is divided, which makes the assignment of privilege roles clear. Secondly, the time constraint is embedded into the role itself, user-role assignment UAA and privilege role assignment (PAA), and the model is formalized to embed the time constraint. Finally, the concept of management domain is applied to the role-based access control model, and the temporal ARBAC model is proposed. Compared with the existing models, the proposed access control management model has better performance and more flexibility.) in order to analyze the security of the temporal based ARBAC model. In this paper, a security analysis method of three-stage decomposed combination strategy is proposed. Firstly, the temporal relationship, which can be modified by the administrator, is defined as the user-role assignment relation of tense and the role state relationship of temporal. The security problem is decomposed into three parts on the basis of the temporal privilege-role relationship. Secondly, the security problem is divided into three parts. The sub-problems obtained in the first stage are further decomposed into smaller subproblems according to the time dimension, aiming at different security problems. In each time domain, the model checking method based on abstract refinement is used to verify the security of the strategy, so that the security of the sub-problem is analyzed. Finally, combined with the results obtained from each decomposition problem to provide a complete analysis. The experimental results show that the security analysis method proposed in this paper can achieve security policy expression and security policy verification.
【學(xué)位授予單位】：江蘇大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 熊金波;李鳳華;王彥超;馬建峰;姚志強(qiáng);;基于密碼學(xué)的云數(shù)據(jù)確定性刪除研究進(jìn)展[J];通信學(xué)報(bào);2016年08期

2 邵婧;楊政;陳左寧;殷紅武;;基于模型檢測(cè)的信息流策略安全性分析[J];計(jì)算機(jī)應(yīng)用研究;2016年08期

3 李勇;;移動(dòng)互聯(lián)網(wǎng)信息安全威脅與漏洞分析[J];通信技術(shù);2014年04期

4 劉強(qiáng);王磊;何琳;;RBAC模型研究歷程中的系列問(wèn)題分析[J];計(jì)算機(jī)科學(xué);2012年11期

5 鄭歆;;學(xué)生成績(jī)管理系統(tǒng)及安全子系統(tǒng)的設(shè)計(jì)[J];電腦與電信;2012年08期

6 劉建生;彭行順;;訪問(wèn)控制模型研究綜述[J];計(jì)算機(jī)與數(shù)字工程;2010年07期

7 張穎君;馮登國(guó);;基于尺度的時(shí)空RBAC模型[J];計(jì)算機(jī)研究與發(fā)展;2010年07期

8 雷斌;王林章;卜磊;李宣東;;基于狀態(tài)機(jī)模型的構(gòu)件健壯性測(cè)試[J];軟件學(xué)報(bào);2010年05期

9 安小明;王小明;王巧玲;;具有時(shí)空約束的角色訪問(wèn)控制模型[J];計(jì)算機(jī)工程與應(yīng)用;2010年07期

10 劉強(qiáng);姜云飛;李黎明;;RBAC系統(tǒng)的權(quán)限泄漏問(wèn)題及分析方法[J];計(jì)算機(jī)集成制造系統(tǒng);2010年02期

相關(guān)博士學(xué)位論文 前1條

1 王婷;面向授權(quán)管理的資源管理模型研究[D];解放軍信息工程大學(xué);2011年

相關(guān)碩士學(xué)位論文 前5條

1 毛竹林;訪問(wèn)控制管理模型研究[D];江蘇大學(xué);2016年

2 殷賢程;基于eAUTO實(shí)時(shí)嵌入式操作系統(tǒng)安全機(jī)制的設(shè)計(jì)與實(shí)現(xiàn)[D];電子科技大學(xué);2016年

3 賀群;訪問(wèn)控制模型研究及在網(wǎng)絡(luò)信息系統(tǒng)中的應(yīng)用[D];北京郵電大學(xué);2015年

4 唐國(guó)英;基于健康檔案的區(qū)域衛(wèi)生信息化平臺(tái)設(shè)計(jì)與實(shí)現(xiàn)[D];湖南大學(xué);2012年

5 董文超;VxWorks系統(tǒng)訪問(wèn)控制機(jī)制研究[D];解放軍信息工程大學(xué);2010年

，

本文編號(hào)：1456192