Similar literature
1.
Analysis of Implicit Authorization of Privileges Based on Rule Derivation   Total citations: 1, self-citations: 0, citations by others: 1
蔡嘉勇, 卿斯汉, 刘伟, 何建波. 《软件学报》 (Journal of Software) 2008, 19(8): 2102-2113
This paper introduces a method for studying the security of system privileges. Because of their unique ability to change the security state of a system, privileges are hard both to analyze and to protect, so the techniques used in traditional access-control research cannot be carried over to this area. Within the theory of access-control spaces, the origin and characteristics of system privileges are examined, and system rules are divided into two classes, constraint rules and execution rules, which describe the restrictions on an authorization and its effects respectively. The logical form of the rules is then derived further, revealing special authorization relationships among privileged operations together with related properties, and an algorithm for quickly constructing an authorization derivation graph is designed. On this basis, the threat of privilege abuse that may arise from implicit authorization is analyzed. Finally, the capability mechanism of the POSIX (portable operating system interface) standard is described formally, and its authorization derivation graph is computed and constructed. Countermeasures are provided for the abuse threats present in the standard's design, effectively achieving consistency with the principle of least privilege.

2.
Research on a Constrained Authorization Model for Hierarchical Roles   Total citations: 1, self-citations: 0, citations by others: 1
To address the authorization conflicts in existing user-to-user hierarchical-role authorization models, this paper describes, on the basis of authorization time limits and constraint rules, the authorization components of hierarchical roles, their related properties, and the constraint rules for mutually exclusive roles. A constrained authorization model for hierarchical roles is proposed; the model satisfies the two security principles of least privilege and separation of duty. Algorithms for generating and revoking role authorizations are given, and the correctness and completeness of the model are discussed. Finally, an architecture for implementing the model is presented, and an application example verifies the model's effectiveness and practicality; the model provides a good solution to authorization conflicts in role hierarchies.

3.
To address the authorization conflicts in existing user-to-user role delegation models, a constrained delegation model is proposed on the basis of the components, related properties and constraint rules of delegation. The model satisfies the two security principles of least privilege and separation of duty, and its architecture and functions are described. Against the background of this model, a constraint description language and its formal semantics are introduced; a reduction algorithm and a construction algorithm are used to show that the language is equivalent to first-order predicate logic in the strict sense, and the soundness and completeness of the constraint language are discussed. Finally, the constraint language is used to demonstrate the expressive power of the model, which provides a good solution to delegation conflicts.

4.
尹刚, 王怀民, 史殿习, 滕猛. 《计算机学报》 (Chinese Journal of Computers) 2007, 30(9): 1511-1519
Delegation allows privileges to propagate between principals and is the core mechanism by which trust-management systems implement cross-domain authorization, but unrestricted delegation can cause privilege proliferation and weaken the security of information systems. The delegation mechanisms of existing trust-management systems lack effective control over privilege propagation, and their security still awaits rigorous analysis and proof. This paper proposes a role-based constrained delegation model, RCDM, which supports flexible privilege delegation policies and uses a scope-constraint structure to control both the depth and the breadth of privilege propagation. A rule-based satisfiability verification algorithm, C3A, is proposed for RCDM; the soundness and completeness of C3A with respect to RCDM are analyzed using the semantic theory of logic programs, proving the security and usability of RCDM theoretically.

5.
Research on a Database Security Model   Total citations: 8, self-citations: 0, citations by others: 8
On the basis of existing security models, an NDMAC model is proposed. The model defines and classifies subjects and objects explicitly and adopts a scheme whose finest object granularity is the attribute and tuple level. The model proposes a membership integrity rule, an entity integrity rule and an inference integrity rule, and gives processing strategies for six kinds of operations. In addition, the model introduces synchronization constraints, mutual-exclusion constraints and inference constraints, and enhances its flexibility by introducing a privilege mechanism.

6.
A Context-Aware Access Control Model for Workflow Systems   Total citations: 1, self-citations: 0, citations by others: 1
Access control is an important mechanism for improving the security of workflow systems. Role-based access control (RBAC) is adopted by the great majority of workflow systems and has become a hot research topic in the workflow field. However, existing role-based access control models do not consider the effect of workflow context on the security of task-execution authorization, which easily leads to redundant permissions, and they do not support separation-of-duty policies. This paper proposes a workflow context-aware access control model, WfCAC. First, the model's components and architecture are defined; then workflow separation of duty and the access control mechanism are discussed, and the properties of the model are analyzed. WfCAC supports user groups and their hierarchy, supports least-privilege authorization and separation-of-duty policies, and realizes workflow context-aware access control.

7.
Implicit Authorization Analysis of Role-Based Administrative Models   Total citations: 2, self-citations: 0, citations by others: 2
刘伟, 蔡嘉勇, 贺也平. 《软件学报》 (Journal of Software) 2009, 20(4): 1048-1057
Role-based administrative models are used to manage the authorization relationships of large RBAC (role-based access control) systems; UARBAC has the advantages of being scalable and fine-grained. The administrative operations of UARBAC contain implicit authorizations. Implicit authorization analysis reveals two kinds of flaws in UARBAC's administrative operations: two definition flaws, namely the inability to create objects and dangling references, and one enforcement flaw, namely the lack of support for least authorization. The definition flaws are corrected by modifying the administrative operations, and an improvement scheme is proposed for the enforcement flaw. The minimal role matching problem, which enforces least authorization, is defined and proved to be NP-hard, and a feasible greedy-algorithm-based scheme is given to help administrators choose appropriate administrative operations that grant a user a minimal set of roles.

8.
To accommodate changes in security policy or role definitions, a system or model should provide a flexible mechanism for enforcing spatially aware RBAC. This paper introduces OITE (on-if-then-else) active authorization rules to enforce spatially aware RBAC and defines the mapping between each basic element of spatially aware RBAC and OITE. Using OITE as the enforcement mechanism, role constraints with spatial properties can be enforced at different granularities, and spatially aware RBAC can be applied in many domains. Finally, how authorization rules can be generated automatically from spatially aware RBAC security policies is briefly discussed.

9.
A Role-Based Access Control Model Supporting Authorization and Its Implementation   Total citations: 6, self-citations: 2, citations by others: 6
Existing role-based access control models mostly use centralized authorization management, which cannot meet the needs of large and complex collaborative systems. This paper extends the RBAC96 model into a role-based access control model that supports authorization. The model introduces role context as the basis for discretionary authorization activities; through the definition of the context components authorization limit, authorization domain, authorization type and revocation type, it supports flexible discretionary authorization and multi-step authorization, and allows the security administrator to exercise macro-level security control over the system. The basic components and specification of the model are described, and an algorithm for implementing authorization activities and an application example are given.

10.
An Attribute- and Role-Based Access Control Model   Total citations: 1, self-citations: 0, citations by others: 1
张斌, 张宇. 《计算机工程与设计》 (Computer Engineering and Design) 2012, 33(10): 3807-3811
To meet the demands of Web resource access control for flexible and dynamic access control policies and convenient permission management, an attribute- and role-based access control model, ACBAR, is proposed, and the elements, relations and rules of the model are formally defined. An application example of the ACBAR model and related access control policies are given, and the security and application complexity of the model are analyzed. While adhering to security principles such as least privilege and separation of duty, the ACBAR model effectively reduces the complexity of role management compared with the RBAC model and supports flexible, dynamic access control policies for Web resources.

11.
Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.

12.
Context: Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights and roles, respectively. This, however, makes access control more complex and error-prone, in particular, when delegation concepts interplay with SoD rules.
Objective: A systematic way to specify and validate access control policies consisting of organizational rules such as SoD as well as delegation and revocation rules shall be developed. A domain-specific language for RBAC as well as delegation concepts shall be made available.
Method: In this paper, we present an approach to the precise specification and validation of role-based policies based on UML and OCL. We significantly extend our earlier work, which proposed a UML-based domain-specific language for RBAC, by supporting delegation and revocation concepts.
Result: We show the appropriateness of our approach by applying it to a banking application. In particular, we give three scenarios for validating the interplay between SoD rules and delegation/revocation.
Conclusion: To the best of our knowledge, this is the first attempt to formalize advanced RBAC concepts, such as history-based SoD as well as various delegation and revocation schemes, with UML and OCL. With the rich tool support of UML, we believe our work can be employed to validate and implement real-world role-based policies.

13.
Existing role mining algorithms only pursue mining results with a minimal role set and do not take into account separation of duty (SoD) in the system, even though SoD is an important constraint for maintaining system security. To address this, a role mining algorithm based on separation of duty is proposed. The user-permission relation is converted into a Boolean matrix representation, and a permission grouping method is used to attach SoD constraint information to roles during the role mining process. A t-t SMER (statically mutually exclusive roles) constraint set is generated and used to enforce SoD constraints in the system. Experimental results show that the algorithm is efficient and can effectively maintain system security.

14.
The use of rules in a distributed environment creates new challenges for the development of active rule execution models. In particular, since a single event can trigger multiple rules that execute over distributed sources of data, it is important to make use of concurrent rule execution whenever possible. This paper presents the details of the integration rule scheduling (IRS) algorithm. Integration rules are active database rules that are used for component integration in a distributed environment. The IRS algorithm identifies rule conflicts for multiple rules triggered by the same event through static, compile-time analysis of the read and write sets of each rule. A unique aspect of the algorithm is that the conflict analysis includes the effects of nested rule execution that occurs as a result of using an execution model with an immediate coupling mode. The algorithm therefore identifies conflicts that may occur as a result of the concurrent execution of different rule triggering sequences. The rules are then formed into a priority graph before execution, defining the order in which rules triggered by the same event should be processed. Rules with the same priority can be executed concurrently. The IRS algorithm guarantees confluence in the final state of the rule execution. The IRS algorithm is applicable for rule scheduling in both distributed and centralized rule execution environments.

15.
Research on a Business-Oriented Rule Engine   Total citations: 10, self-citations: 0, citations by others: 10
This paper proposes a rule engine that adapts proactively to changes in enterprise business by defining business rules visually and then parsing and executing them. The system provides users with a visual interface for defining and implementing business rules, describes business rules in the structured language XML, and provides the rule execution mechanism in a layered structure. A complete rule security verification scheme allows the information system to adapt dynamically to changes in enterprise business rules.

16.
PEARD: A Prototype Environment for Active Rule Debugging   Total citations: 1, self-citations: 1, citations by others: 0
This research has investigated dynamic, execution-based rule analysis through the development of a Prototype Environment for Active Rule Debugging, called PEARD. PEARD simulates the execution of active database rules, supporting the Event-Condition-Action rule paradigm. Rule definition is flexible, where changes to rules can be applied immediately during a debugging session without recompiling the system. A breakpoint debugging tool allows breakpoints to be set so that the state of variables may be inspected and changed anytime a breakpoint is reached during rule execution. A rule visualization tool displays the rule triggering process in graph form, supporting different visualization granularities to help the user to understand rule execution. Color coding is also used as part of the visualization tool to help the user see where the different parts of an ECA rule are executed due to deferred coupling modes. Users can examine different parts of the rule graph display to inspect the state of a transaction at different rule execution points. Other debugging features include a means for detecting potential cycles in rule execution and a utility to examine different rule execution paths from the same point in the rule triggering process. Our experience with PEARD has helped to identify some of the useful functional components of an active rule debugging tool and to identify research directions for future active rule development environments. This research was partially supported by NSF Grant No. IRI-9410993.

17.
Research on a Service Selection Method Based on Composite Service Execution Information   Total citations: 7, self-citations: 0, citations by others: 7
The selection of composite services is a hot research topic in service computing. Most previous selection methods rely on service QoS information that is difficult to obtain accurately, and their algorithms are complex. This paper proposes a service selection method based on the execution information of composite services. The method has three phases: data generation, data mining and service selection, which respectively record the execution information of composite services and generate the relevant data sets, mine path-branch association rules and sequential patterns of service execution order, and select services according to the knowledge patterns produced by the mining. The paper first gives a service composition system architecture that records logs conveniently, then proposes a time-weighted algorithm model for effectively mining path-branch association rules and sequential patterns, and finally describes the composite service selection method. Experimental results show that the method outperforms QoS-based methods in the robustness of the selected composite services.

18.
Active database management systems are becoming increasingly popular because of their relevance to several advanced and complex database applications. The need for user-defined execution orders (or control structures) for rules is well recognized by researchers of active database management systems. Priority-based approaches (e.g., numeric priorities) have been used to specify a desired control structure among rules. However, due to the fact that fixed priorities are assigned to rules, independent of different contexts in which they may be triggered, the existing approaches are not able to allow rules to be executed following different control structures when they are triggered by different events. More flexible and expressive control mechanisms are often needed for rules in advanced database applications such as CAD/CAM, CASE, CIM and flexible manufacturing systems. Since rules in database environments are executed in a transaction framework, an expressive transaction model is needed to model complex control structures among rules uniformly. In this work, we separate the event part from the condition-action parts of a rule and associate it with a rule graph which represents a set of rules (actually a set of condition-action pairs) sharing the same control structure. Different rule graphs can be defined under different event specifications thereby enabling a set of rules to follow different control structures when triggered by different events. We also use an expressive graph-based transaction model to incorporate the control structures of rule graphs uniformly in a transaction framework. The proposed rule and transaction modeling and execution techniques have been implemented and verified on a shared-nothing multiprocessor computer nCUBE2. In this paper, we also describe the client-server architecture and different parallel transaction and rule execution techniques that have been used for the implementation. Finally, we analyze the speedup and scaleup of the implemented system.

19.
In the practice of association rule mining, people are often interested in only a subset of the association rules. Introducing background constraints into the association algorithm not only makes the mining results more meaningful but also greatly speeds up the algorithm. This paper presents an efficient algorithm that combines background constraint conditions with multi-level association rules.


Copyright©北京勤云科技发展有限公司  京ICP备09084417号