多数据库系统中基于角色的访问控制策略研究

本文提出了一个基于角色的多数据库访问控制策略,它包含了基于RBAC的授权主体定义、基于面向对象公共数据模型的授权客体定义和基于语义的授权规则。另外,我们还深入讨论了授权冲突的解决和具体的实现算法。     

Secure context-sensitive authorization

There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as “allow database access only to staff who are currently located in the main office”. However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm.     

Computational complexity of the problem of tree generation under fine-grained access control policies

We consider the problem of deciding whether a fine-grained access control policy for tree updates allows a particular document to be constructed. This problem arises from a number of natural questions related to document security, authenticity, and verifiability. Fine-grained access control is the problem of specifying the set of operations that may be performed on a complex structure. For tree-structured databases and documents, particularly XML, a rule-based approach is most common. In this model, access control policies consist of rules that select the allowed or disallowed targets of queries or updates based on their hierarchical relationships to other nodes.We show that, for a typical form of rule-based fine-grained access control policies based on a simple fragment of XPath, this problem is undecidable. We also prove lower bounds on the complexity of various restrictions of this problem, and demonstrate deterministic and nondeterministic polynomial-time algorithms for two restrictions in particular.These results show that, for sufficiently complex access control languages, certain forms of analysis are very difficult or even impossible, limiting the ability to verify documents, audit existing policies, and evaluate new policies. Thus rule-based access control policies based on XPath are, in some sense, too powerful, demonstrating the need for a model of access control of tree updates that bridges the gap between expressive and analyzable policies.     

基于角色的访问控制在Web中的实现技术

基于角色的访问控制（RBAC）具有减少授权管理复杂性，降低管理开销，并能提供与企业组织结构相一致的安全策略的优势，RBAC/Web模型是大型企业网实现授权访问的最佳方案，在介绍了基于RBAC的Web资源访问控制策略后，给出了一种在代理服务器中实现的原型系统。     

An interface between object-oriented databases and relational databases

Currently relational databases are widely used, while object-oriented databases are emerging as a new generation of database technology. This paper presents a methodology to provide effective sharing of information in object-oriented databases and relational databases. The object-oriented data model is selected as a common data model to build an integrated view of the diverse databases. An object-oriented query language is used as a standard query language. A method is developed to transform a relational data definition to an equivalent object-oriented data definition and to integrate local data definitions. Two distributed query processing methods are derived. One is for general queries and the other for a special class of restricted queries. Using the methods developed, it is possible to access distributed object-oriented databases and relational databases such that the locations and the structural differences of the databases are transparent to users.     

PBAC: Provision-based access control model

Over the years a wide variety of access control models and policies have been proposed, and almost all the models have assumed “grant the access request or deny it.” They do not provide any mechanism that enables us to bind authorization rules with required operations such as logging and encryption. We propose the notion of a “provisional action” that tells the user that his request will be authorized provided he (and/or the system) takes certain actions. The major advantage of our approach is that arbitrary actions such as cryptographic operations can all coexist in the access control policy rules. We define a fundamental authorization mechanism and then formalize a provision-based access control model. We also present algorithms and describe their algorithmic complexity. Finally, we illustrate how provisional access control policy rules can be specified effectively in practical usage scenarios. Published online: 22 January 2002     

Model-induced term-weighting schemes for text classification

Access control policies are specified within systems to ensure confidentiality of their information. Available knowledge about policies is usually incomplete and uncertain. An essential goal in reasoning is to reach conclusions which can be justified. However, since justification does not necessarily guarantee truth, the best we can do is to derive “plausible/ tentative” conclusions from partial and conflicting information. Policies are typically expressed as rules that could be complex and include timing constraints. Complex sets of access policies can contain conflicts e.g., a rule allows access while another rule prevents it. In this paper, we aim at providing a formalism for specifying authorization policies of a dynamic system. We present a temporal defeasible logic (TDL) which allows us to specify temporal policies and to handle conflicts. It can be shown that the proposed model is a generalization of the role-based access control model.     

The resource access authorization route problem in a collaborative manufacturing system

Most of collaborative manufacturing systems are based on or involved in distributed information systems. Access control model, as an important infrastructure facility of information system, is frequently employed to control the resource sharing and cooperation in a collaborative manufacturing system. However, Configuring and running an access control model in a collaborative manufacturing system is a more complex problem. The reason is that there are more resources to be accessed and more complex security policies and rules from different partners to be obeyed in such a system than these in an individual information system. Un-intuitional semantic of security policies directly result in administrators’ confusion in judging the legitimacy of authorization actions. They don’t even know which authorization actions should be performed and what performing order should be executed by. So, it is necessary to configure an authority action sequence, including an authority action set and the performing order, to help the administrators to perform the given authorization task without violating these multisource security policies and rules. In this paper, how to configure the authority action sequence is defined as an authorization route problem at first. Then, the problem is modeled as a classical planning problem and a GraphPlan algorithm is revised to solve it. Based on the modeled problem and the revised algorithm, a prototype system named PolicyProber is developed to provide an authority action sequence for administrators in a visual way. Several cases are used to demonstrate the effectiveness of the presented model, method and algorithm. The research achievements and its application in industry can help administrators make correct decisions, which can strength the safety of a collaborative manufacturing system indirectly.     

面向多级关系数据库的RBAC扩展模型

提出了一种角色访问控制扩展模型,该模型在标准RBAC体系中引入分级策略,通过扩展读写规则和授权限制消除了RBAC中向下的信息流,并通过范围分离和会话密级等语义保留了标准RBAC的灵活性和表达力。该模型可应用在众多既需要控制信息流动的强制存取控制又需要有角色存取机制灵活性的系统中。在给出模型的形式化定义后,对模型的实现规则、访问策略、权限分配管理、在多级关系数据库中的实现机制及模型的BNF范式以及具体应用做了说明。     

基于知识发现的风险最小化授权模型

访问控制技术是网络信息系统安全的核心技术之一。针对开放式网络下基于信任访问控制问题中的授权需求,提出了基于知识发现的风险最小化授权(信任-权限)模型,对模型元素、关系、约束和规则、授权策略进行了形式化定义。RMAM-KD模型引入信任和风险的概念,对权限进行细粒度划分,将交互中涉及到的实体属性及其信任值和风险值作为授权判断的重要参考依据,并加入时间约束限制,能够更好地支持动态的授权机制。最后,给出了RMAM-KD模型授权的应用实例及安全性分析,表明RMAM-KD模型能够有效地保证对客体资源的安全访问。     

用基于RBAC的方法集成遗产系统的访问控制策略

访问控制是软件系统的重要安全机制,其目的在于确保系统资源的安全访问。针对多数遗产系统的访问控制不是基于角色的且其实现形式多样,提出了一种基于RRAC的访问控制策略集成方法。该方法将遗产系统中的权限映射为集成系统中的任务,能够在任务树和策略转换规则的基础上使用统一的形式重组访问控制策略。此外,该方法给出了一组用于实现后续授权操作的管理规则。案例分析表明,提出的方法是可行的,能够有效地集成遗产系统的访问控制策略,并将RRAC引入遗产系统的访问控制。     

On modeling cost functions for object-oriented databases

In this paper, we present a set of parameters able to exactly model topologies of object references in object-oriented databases. These parameters are important since they are used to model query execution strategy costs for optimization. The model we present considers also the cases of multivalued attributes and null references. Moreover, a set of derived parameters are introduced and their mathematical derivations are shown. These derived parameters are important, since they allow selectivity of nested predicates to be estimated. Moreover, they are used in estimating storage, access, and update costs for a number of access structures specifically tailored to efficiently support object-oriented queries     

工作流系统上下文相关访问控制模型

访问控制是提高工作流系统安全性的重要机制。基于角色的访问控制（RBAC）被绝大多数工作流系统所采用，已成为工作流领域研究的热点。但是，现有的基于角色的访问控制模型没有考虑工作流上下文对任务执行授权安全的影响，容易造成权限冗余，也不支持职责分离策略。该文提出一种工作流上下文相关访问控制模型WfCAC，首先，定义该模型的构成要素和体系结构，然后讨论工作流职责分离和访问控制机制，并对模型性质进行分析。WfCAC模型支持用户组及其层次结构，支持最小权限授权策略和职责分离策略，实现了工作流上下文相关访问控制。     

On transformation of authorization policies

In this paper, we propose a logic based approach to specify and to reason about transformation of authorization policies. The authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend model-based semantics by introducing preference ordering to resolve possible conflicts during transformation of policies. We also discuss the implementation of the model-based transformation approach and analyse the complexity of the algorithms introduced. Our system is able to represent both implicit and incomplete authorization requirements and reason about nonmonotonic properties.     

The living in a lattice rule language

This paper presents a rule-based query language for an object-oriented database model. The database model supports complex objects, object identity, classes and types, and a class/type hierarchy. The instances are described by ‘object relations’ which are functions from a set of objects to value sets and other object sets. The rule language is based on object-terms which provide access to objects via the class hierarchy. Rules are divided into two classes: object-preserving rules manipulating existing objects (yielding a new ‘view’ on objects available in the object base) and object-generating rules creating new objects with properties derived from existing objects. The derived object sets are included in a class lattice. We give conditions for whether the instances of the ‘rules’ heads are ‘consistent’, i.e. represent object relations where the properties of the derived objects are functionally determined by the objects.     

Authorization and revocation in object-oriented databases

Few studies of object-oriented databases deal with their security, a fundamental aspect of systems with complex data structures. Most authorization systems give users who own resources only some basic control over them; here, we provide users with more direct control over their resources by associating with each grant propagation numbers. Propagation numbers govern the grantability and exercisability of the privileges. Of particular interest in our study of authorization in an OO environment is the combination of inheritance and granting of privileges. Diverse policies are discussed and implemented in a test-bed system     

基于使用控制和上下文的动态网格访问控制模型研究

网格环境动态、多域和异构性的特点决定其需要灵活、易于扩展和精细的授权机制.近来在网格环境下的访问控制方面做了大量研究,现有的模型大多在相对静止的前提下,基于主体的标识、组和角色信息进行授权,缺乏具体的上下文信息和灵活的安全策略.本文提出了网络环境下基于使用控制和上下文的动态访问控制模型.在该模型中,授权组件使用主体和客体属性定义传统的静态授权;条件组件使用有关的动态上下文信息体现了对主体在具体环境中的动态权限控制.在该模型的基础上,本文实现了一个原型系统,以验证模型的效率和易于实现性.     

应用区域边界授权模型

应用区域边界安全系统是一个关防系统,它在使用过程中能否达到保护应用环境安全的目标是由其安全授权规则集的完备性和一致性及对其授权的简便性决定的。应用环境中的主体是通过各种不同的应用协议对客体进行访问的,它们在通过应用区域边界安全系统时,应用区域边界安全系统将根据安全授权规则集对其访问请求进行检验,若满足安全授权规则集要求,则允许通过,反之拒绝。因此,我们根据访问请求所涉及的主体、客体、协议、安全策略等部件,给出了应用区域边界授权的体系结构,同时在给出刻画它们特性的谓词基础上,提出了易于表达安全策略的应用区域边界形式化授权模型。对此形式化模型进行编译不仅可以根据安全策略对授权的合法性进行检验,而且也可以及时发现安全策略中存在的漏洞,从而可以得到一个正确的安全授权规则集。     

Authorization in multilevel database models

In a multilevel database architecture, authorization rules may be written at the conceptual level or at the external level. We analyze here the consistency of authorization rules written at these two levels. We assume that the conceptual level model is of the entity-relationship type and the external model is relational. The validation of access requests against authorization rules is also discussed.