| 基于家族基因的网络访问控制模型 |
| |
| 引用本文: | 孙飞显,,刘晓洁,李 涛,赵 奎,胡晓勤,曾金全.基于家族基因的网络访问控制模型[J].计算机工程,2007,33(12):37. |
| |
| 作者姓名: | 孙飞显 刘晓洁 李 涛 赵 奎 胡晓勤 曾金全 |
| |
| 作者单位: | (1. 四川大学计算机学院,成都 610065;2. 河南教育学院信息系,郑州 450014) |
| |
| 摘 要: | 传统的网络访问控制机制大多与身份认证机制分开设计,针对其安全性差、效率低等问题,受人体免疫系统能自动识别并排斥非自体物质原理启发,该文提出了一种基于家族基因的网络访问控制模型(FBAC),给出了模型中网络家族、家族基因、基因证书等定义,建立了基因指派、制定族规、基因签名等用于生成基因证书的机制,描述了网络家族构造和基于家族基因的访问控制等算法。解决了入侵者绕过身份认证机制而存取网络资源的安全问题,克服了X.509数字证书认证效率低、证书主体信息不明确的缺陷,具有安全、高效等特点,是保障网络安全的一种有效新途径。
|
| 关 键 词: | 网络安全 访问控制 免疫 家族基因 |
Family-gene Based Network Access Control Model |
| |
| SUN Feixian,LIU Xiaojie,LI Tao,ZHAO Kui,HU Xiaoqin,ZENG Jinquan.Family-gene Based Network Access Control Model[J].Computer Engineering,2007,33(12):37. |
| |
| Authors: | SUN Feixian LIU Xiaojie LI Tao ZHAO Kui HU Xiaoqin ZENG Jinquan |
| |
| Affiliation: | (1. School of Computer, Sichuan University, Chengdu 610065; 2. Deptment of Information, Henan Institute of Education, Zhengzhou 450014) |
| |
| Abstract: | Inspired by principles of the human immune system, a family-gene based model for network access control, referred to as FBAC, is proposed. With the concepts and formal definitions of network-family, family-gene, and gene-certificate of FBAC presented, the bionic mechanisms of gene-assignment, family-rule constitution, and gene-signature for gene-certificate generation are established. The algorithms of network- family construction and family-gene based access control are described. The access control problems, which result from the penetration of conventional authentication mechanisms, are solved, and the defect of ambiguity of subject information in X.509 certificates is overcome. FBAC has a better safety and efficiency than the traditional techniques. It provides an effective novel solution to network security. |
| |
| Keywords: | Network security Access control Immunity Family-gene |
|
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
