一种RB-RBAC模型规则冲突消解算法

RB-RBAC(Rule-Based RBAC)模型克服了RBAC模型的一些局限,提供了基于用户属性自动指派角色的机制。RB-RBAC模型允许进行否定授权,可能在进行授权的过程中出现冲突。在研究RB-RBAC模型冲突规则间关系的基础上,提出了一种基于否定优先的冲突消解算法,能够在保持原有语义的条件下,自动改写RB-RBAC模型中冲突的授权规则来消解冲突。     

Role-based authorizations for workflow systems in support of task-based separation of duty

Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.     

Conflicts in policy-based distributed systems management

Modern distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level and then refined to implementable actions. We are concerned with two types of policies. Authorization policies specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obligation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager. Conflicts can arise in the set of policies. Conflicts may also arise during the refinement process between the high level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. The paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms part of a role based management framework. Software development and medical environments are used as example scenarios     

The resource access authorization route problem in a collaborative manufacturing system

Most of collaborative manufacturing systems are based on or involved in distributed information systems. Access control model, as an important infrastructure facility of information system, is frequently employed to control the resource sharing and cooperation in a collaborative manufacturing system. However, Configuring and running an access control model in a collaborative manufacturing system is a more complex problem. The reason is that there are more resources to be accessed and more complex security policies and rules from different partners to be obeyed in such a system than these in an individual information system. Un-intuitional semantic of security policies directly result in administrators’ confusion in judging the legitimacy of authorization actions. They don’t even know which authorization actions should be performed and what performing order should be executed by. So, it is necessary to configure an authority action sequence, including an authority action set and the performing order, to help the administrators to perform the given authorization task without violating these multisource security policies and rules. In this paper, how to configure the authority action sequence is defined as an authorization route problem at first. Then, the problem is modeled as a classical planning problem and a GraphPlan algorithm is revised to solve it. Based on the modeled problem and the revised algorithm, a prototype system named PolicyProber is developed to provide an authority action sequence for administrators in a visual way. Several cases are used to demonstrate the effectiveness of the presented model, method and algorithm. The research achievements and its application in industry can help administrators make correct decisions, which can strength the safety of a collaborative manufacturing system indirectly.     

分布式环境下的访问控制

为适应分布式环境下的安全需求,提出了一种描述访问控制策略和判定访问请求的方法。采用类似于无函数的扩展逻辑程序的表示方法对安全访问策略进行描述,限定权限传播的深度,利用不同的优先次序定义了多种消解冲突的规则,并给出了类似扩展逻辑程序的回答集语义解释。结合确定性推理和可能性推理,描述了如何判定访问请求的算法。解决了3个问题：分布式授权、私有权限和冲突消解方法。     

网络安全策略冲突分类及自动检测与恢复

在分析网络安全策略冲突研究现状的基础上,针对策略冲突分类不完善及现在安全策略冲突检测方法的不足,指出由于网络策略之间的规则依赖语义和规则相互作用,一个成功的网络安全系统配置需要全面分析所有网络安全设备的策略配置以避免策略冲突和矛盾.本文首先描述了过滤规则之间所有可能的关系,然后对基于过滤的网络安全策略中的冲突进行全面分类,接着通过实验指出即使是专家系统管理员,产生这种冲突的可能性也很高,并提出了内部和外部访问列表策略冲突的自动检测与恢复模型来识别和矫正这些冲突,最后讨论了今后研究的方向.     

Secure context-sensitive authorization

There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as “allow database access only to staff who are currently located in the main office”. However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm.     

A national-scale authentication infrastructure

Participants in virtual organizations commonly need to share resources such as data archives, computer cycles, and networks, resources usually available only with restrictions based on the requested resource's nature and the user's identity. Thus, any sharing mechanism must have the ability to authenticate the user's identity and determine whether the user is authorized to request the resource. Virtual organizations tend to be fluid, however, so authentication mechanisms must be flexible and lightweight, allowing administrators to quickly establish and change resource-sharing arrangements. Nevertheless, because virtual organizations complement rather than replace existing institutions, sharing mechanisms cannot change local policies and must allow individual institutions to maintain control over their own resources. Our group has created and deployed an authentication and authorization infrastructure that meets these requirements: the Grid Security Infrastructure (I. Foster et al., 1998). GSI offers secure single sign-ons and preserves site control over access policies and local security. It provides its own versions of common applications, such as FTP and remote login, and a programming interface for creating secure applications. Dozens of supercomputers and storage systems already use GSI, a level of acceptance reached by few other security infrastructures.     

基于Web的工作流安全性研究

基于Web的工作流管理系统的安全问题主要涉及到两方面:授权(及访问控制)和安全通讯。工作流管理系统需要一个动态的授权机制,即在工作流的执行过程中动态地分配和撤销相应的权限。文中提出一个动态授权模型,即利用5个授权函数、授权数据库(AB)以及任务执行过程中产生的一些事件来实现动态授权机制。此外还简要介绍了基于Web的工作流中涉及到的安全通讯问题及其解决方法。利用这个模型,可以大大地增强工作流管理系统的安全性能。     

A model for evaluation and administration of security inobject-oriented databases

The integration of object-oriented programming concepts with databases is one of the most significant advances in the evolution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop an authorization model for object-oriented databases. This model consists of a set of policies, a structure for authorization rules, and algorithms to evaluate access requests against the authorization rules. User access policies are based on the concept of inherited authorization applied along the class structure hierarchy. We propose also a set of administrative policies that allow the control of user access and its decentralization. Finally, we study the effect of class structuring changes on authorization     

Authentication and authorization infrastructure for Grids—issues,technologies, trends and experiences

Authentication and authorization for Grids is a challenging security issue. In this paper, key issues for the establishment of Grid authentication and authorization infrastructures are discussed, and an overview of major Grid authentication and authorization technologies is presented. Related to this, recent developments in Grid authentication and authorization infrastructures suggest adoption of the Shibboleth technology which offers advantages in terms of usability, confidentiality, scalability and manageability. When combined with advanced authorization technologies, Shibboleth-based authentication and authorization infrastructures provide role-based, fine-grained authorization. We share our experience in constructing a Shibboleth-based authentication and authorization infrastructure and believe that such infrastructure provides a promising solution for the security of many application domains.     

PBAC: Provision-based access control model

Over the years a wide variety of access control models and policies have been proposed, and almost all the models have assumed “grant the access request or deny it.” They do not provide any mechanism that enables us to bind authorization rules with required operations such as logging and encryption. We propose the notion of a “provisional action” that tells the user that his request will be authorized provided he (and/or the system) takes certain actions. The major advantage of our approach is that arbitrary actions such as cryptographic operations can all coexist in the access control policy rules. We define a fundamental authorization mechanism and then formalize a provision-based access control model. We also present algorithms and describe their algorithmic complexity. Finally, we illustrate how provisional access control policy rules can be specified effectively in practical usage scenarios. Published online: 22 January 2002     

一个基于逻辑的存取控制模型

在任何一个安全系统中，存取控制都是一个极为重要的问题。本文提出一个基于逻辑程序设计的方法来管理非集中式的授权及其代理。在这个系统中，允许用户代理管理权限、授权或禁止其他用户使用某些存取权限。给出一组独立于论域的规则来实现代理正确性、解决冲突和沿着主体、客体及存取权限层次结构的授权传递，其基本思想是将这些一般规则与用户定义的一组与论域相关的特殊规则结合起来，以推导出系统中成立的所有授权。此外，还给出一些语义性质。     

特权约束系统职责隔离问题研究

特权控制操作系统最重要的资源,需要应用职责隔离原则,确保特权安全.与现有研究不同,从特权隐式授权方面探讨对职责隔离的支持问题.通过分析特权来源,将特权定义分解为约束规则与执行规则,弥补了现有访问控制研究中对权限效果描述不足的缺陷.两类规则间的逻辑推导说明授权间的推导关系,即特权间存在隐式授权,可能不满足职责隔离要求.利用授权推导关系图准确而全面地反映了特权机制的所有隐式授权.从特权的职责隔离属性,及职责隔离对特权的机制要求两方面探讨上层职责隔离需求与底层特权控制实施的一致性问题.以目前广泛应用的POSIX权能机制为例,给出其形式化模型BMPS模型的定义,指出该机制支持职责隔离存在的问题,并对该机制进行了改进,给出满足职责隔离要求的特权策略实施方案.     

用基于RBAC的方法集成遗产系统的访问控制策略

访问控制是软件系统的重要安全机制,其目的在于确保系统资源的安全访问。针对多数遗产系统的访问控制不是基于角色的且其实现形式多样,提出了一种基于RRAC的访问控制策略集成方法。该方法将遗产系统中的权限映射为集成系统中的任务,能够在任务树和策略转换规则的基础上使用统一的形式重组访问控制策略。此外,该方法给出了一组用于实现后续授权操作的管理规则。案例分析表明,提出的方法是可行的,能够有效地集成遗产系统的访问控制策略,并将RRAC引入遗产系统的访问控制。     

一种基于MapReduce的防火墙策略冲突并行化检测及消解模型

防火墙在网络安全中起到很重要的作用,其中防火墙策略中的规则决定了网络数据包被“允许”或被“拒绝”进出网络。对于大型网络来说,由于规则太多,管理者很难保证其中不出现冲突,因此策略中规则冲突的检测及解决成为了保证网络安全的重要方面。提出了一种基于MapReduce模型的防火墙策略冲突检测解决算法,它对由基于规则的分段技术得到的片段进行自定义的排序,之后将其转化为规则的形式来代替原来的规则进行数据包的过滤。片段间两两不相交且匹配的包只执行一种动作,从而消除了冲突。     

Integration of task abortion and security requirements in GA-based meta-heuristics for independent batch grid scheduling

Scheduling and resource allocation in large scale distributed environments, such as Computational Grids (CGs), arise new requirements and challenges not considered in traditional distributed computing environments. Among these new requirements, task abortion and security become needful criteria for Grid schedulers. The former arises due to the dynamics of the Grid systems, in which resources are expected to enter and leave the system in an unpredictable way. The latter requirement appears crucial in Grid systems mainly due to a multi-domain nature of CGs. The main aim of this paper is to develop a scheduling model that enables the aggregation of task abortion and security requirements as additional, together with makespan and flowtime, scheduling criteria into a cumulative objective function. We demonstrate the high effectiveness of genetic-based schedulers in finding near-optimal solutions for multi-objective scheduling problem, where all criteria (objectives) are simultaneously optimized. The proposed meta-heuristics are experimentally evaluated in static and dynamic Grid scenarios by using a Grid simulator. The obtained results show the fast reduction of the values of basic scheduler performance metrics, especially in the dynamic case, that confirms the usefulness of the proposed approach in real-life scenarios.     

基于描述逻辑的策略冲突检测方法研究及实现

采用基于策略的方法对安全管理、服务质量等进行监管,已经得到广泛应用。本文提供了一种基于描述逻辑的策略建模方式,将策略定义为两种类型,即授权策略和义务策略;建立策略相关的概念,结合概念之间的关系得到基于描述逻辑的策略模型。策略冲突会导致不一致的系统行为,是策略分析最重要的内容。本文深入研究了不同类型的策略 略冲突,在所建立的模型基础上提出了一套基于描述逻辑的策略冲突检测方法,并使用推理机Racer举例验证了这种检测方法。