一种基于风险的多域互操作动态访问控制模型

随着Internet及其相关技术的快速发展,在开放的、异构的多自治域环境下,出现了大量的分布式应用之间的互操作.多自治域环境的复杂性与信息安全共享不断演变进化的特点,使得传统访问控制模型难以保证数据资源在交互过程中的安全.通过将风险概念引入访问控制中,提出一种基于风险的多域动态访问控制模型.在本模型中,主体所具有的某项安全策略的风险等级由自治域间的互操作历史记录、客体的安全等级以及访问事件的安全系数得出,通过对高风险等级的安全策略进行调整以达到对系统风险的实时控制.理论分析表明这种方法可有效保证访问控制的灵活性和多自治域环境的安全性.     

一种基于角色代理的服务网格虚拟组织访问控制模型

给出一种基于角色代理技术的虚拟组织访问控制模型，与同类研究成果相比，在不降低自治域的安全管理效率的情况下，能够实现虚拟组织的细粒度授权和确保自治域的安全策略不被破坏．该模型的一个原型系统已经实现，并通过一个基于网格的低成本电子政务平台中的实例进行了验证．     

多域环境下安全互操作研究进展

多域安全互操作是通过认证机制、访问控制机制和审计机制来实现多个分布、异构、自治区域间安全的资源共享和信息交互的过程.系统介绍了这一新型研究领域的理论基础和应用现状,从解决访问控制安全和域间策略冲突的角度,对域间角色转换技术、基于信任管理、基于PKI和基于时间限制等方向的多项研究成果和关键技术进行分析和点评,重点探讨了多域环境下各自治域间策略集成算法的建模和实现,最后针对目前研究工作中存在的问题,对该领域未来的发展方向和趋势做出展望.     

基于票证的安全策略协同模型的设计与实现

为了在异构信息系统之间能够有效地共享资源,就需要在不同的安全策略域之间实现安全策略的协同。该文建立并形式化了安全策略域标识和域关系模型,以及模型实现中两个最关键的问题——全局解析机构和域标识解析的解决方法。进一步,给出了一个基于票证的安全策略协同模型,以一种统一的策略来表示处理系统中的各种授权和访问控制,并用形式化的语言对其进行了描述。从而解决了分散授权模型带来的一些安全问题,较好地实现了授权的集成。     

基于双向防御的跨安全域访问控制方法研究

实现逻辑隔离的不同网络安全域之间的信息共享与业务协作是一个重要而紧迫的课题。本文提出一种基于双向防御的跨安全域访问控制方法,该方法基于网络安全域已有的信任体系建立跨域信任关系,在访问请求发起方和目标所在域同时实施基于授权策略的访问控制,通过角色映射以代理方式访问目标资源,从而实现了跨域访问过程中网络安全域边界的双向防御,保障了各安全域的边界安全以及信息共享与业务协作的安全运行。     

新的基于角色的跨信任域授权管理模型

多信任域间的安全访问是一项重要的研究内容。结合基于角色访问控制机制（RBAC）的优势及现有的跨域认证技术构建了一种适用于大规模分布式网络环境的跨信任域授权管理CTDPM（Crossing the Trusted-domain Privilege Management）模型。模型中提出角色推荐和单向角色映射策略,支持分布式环境下任意两个信任域之间的安全访问。运用集合论和谓词逻辑对CTDPM模型进行了系统的形式化描述,提出了一套合理的授权与安全规则,并进行了特性分析,最后给出该模型在访问控制系统中的安全应用。     

网格环境中基于信任度的动态访问控制模型

针对网格自身异构、动态的特点以及现有访问控制技术无法满足网格系统动态性的安全需求,提出了一种基于信任度的动态访问控制模型.该模型在基于角色的访问控制基础上,给出域间和域内成员信任关系的计算,构建了一种基于信任度的动态访问控制模型.     

基于划分和规则访问控制授权模型的研究

针对基于划分和规则访问控制授权方式中仍存在证书的有效撤销问题,提出了一种非公钥证书方式的用户授权模型,实现信息域的安全访问控制.该模型基于X.509 v4的clearance结构,完成授权信任机构、授权证书、证书存储三个主要功能,实现了异构平台之间的信息交互,并和其它身份认证方式一起构成应用对目标资源的安全访问.     

基于使用控制和上下文的动态网格访问控制模型研究

网格环境动态、多域和异构性的特点决定其需要灵活、易于扩展和精细的授权机制.近来在网格环境下的访问控制方面做了大量研究,现有的模型大多在相对静止的前提下,基于主体的标识、组和角色信息进行授权,缺乏具体的上下文信息和灵活的安全策略.本文提出了网络环境下基于使用控制和上下文的动态访问控制模型.在该模型中,授权组件使用主体和客体属性定义传统的静态授权;条件组件使用有关的动态上下文信息体现了对主体在具体环境中的动态权限控制.在该模型的基础上,本文实现了一个原型系统,以验证模型的效率和易于实现性.     

云计算中基于信任的多域访问控制策略

在云计算环境中,访问控制策略是保障云用户与云资源/服务安全的有效手段。本文在分析云计算安全特点的基础上,将信任度的概念引入基于角色的访问控制策略,并结合云计算环境存在多个安全管理域的特点,给出了信任度在本地域以及跨域的计算方法,提出基于信任度的多域访问控制框架。本地域的访问控制策略在RBAC的基础上引入信任度进行实施,而跨域的访问控制会涉及到角色转换。文章在基于信任的RBAC模型中,提出一种灵活的通过角色关联和动态角色转换实现跨域访问控制的方法。     

A Role Engineering Framework to Support Dynamic Authorizations in Collaborative Environments

ABSTRACT

With the increasing availability of networks and the advancements in their underlying infrastructure of mobile devices, access control and authorization issues will be enablers of future technologies in collaborative environments. Recent works demonstrate efforts to dynamically authorize users without prior knowledge and with no security configuration attributes or roles previously assigned to them. Moreover, current role-based engineering approaches construct role hierarchies without reflecting the organizational structure, since they do not take into account structural organizational characteristics. In this paper we propose an innovative role structure, not solely dependent on naming methods but also that takes into account organizational as well as functional characteristics to provide a practical role assignment methodology between organizations in a collaborative environment. More specifically, we argue that beyond the fact that a role represents a job assignment to perform certain function(s), it is also a composite element representing several organizational characteristics such as organizational function, organizational domain and level of authority. The proposed role structure enables role-to-role assignment as external nonlocal users request access in a particular information system (e.g., people on the move, users logged in from a collaborative organization) and acquire local role(s). A clear advantage in the proposed framework is its flexibility in the role assignment process, since the proposed role decomposition does not require an exact match of predefined credentials. The methodology is autonomous, as no prior trust establishment is required between interactive organizations, expendable as new organizations can join the collaboration without affecting the existing ones, flexible as it does not affect the local access control policy, scalable as the collaboration can increase arbitrary and efficient as the comparison methodology guarantees the selection of the appropriate local role, if such one exists.     

基于多维度量和上下文的访问控制模型

在分布式系统中,用户身份难以确定、接入平台复杂,且网络环境动态多变,传统的基于角色或身份的访问控制模型已无法满足用户需求。为此,结合基于角色访问控制(RBAC)和信任管理(TM)的特点,在RBAC的基础上,引入信任与上下文的概念,对用户身份、接入平台及用户行为进行多维度量,根据网络环境和用户状态的动态多变性,提出一种基于多维度量和上下文的访问控制模型(MCBAC),该模型主要依据用户的身份信息和可信度分配角色,通过上下文约束,实现动态角色授权控制,具有较高的安全性及较好的灵活性。     

Trust-based security in pervasive computing environments

Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource. However, these strategies are inadequate for the increased flexibility that distributed networks such as the Internet and pervasive computing environments require because such systems lack central control and their users are not all predetermined. Mobile users expect to access locally hosted resources and services anytime and anywhere, leading to serious security risks and access control problems. We propose a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights. This architecture is generally applicable to distributed systems but geared toward pervasive computing environments     

安全群通信系统中通用访问控制框架的研究

为了适应群应用对安全性要求的多样性,提出了一种通用访问控制框袈。该框架支持分布式成员加入和授权控制以及动态安全策略,本文通过原型系统验证了其可行性。     

应用安全平台体系中安全策略模型的研究

在分布式系统中,安全策略的管理是很重要的,为了对分布式系统中的安全策略方便地进行管理,并且可以适应不同类型的分布式认证系统,该文通过对RBAC96模型的研究,给出了通过结构化的语言(XML)来描述应用安全平台体系中的安全策略模型和一个实例。     

协同环境中共有资源的细粒度协作访问控制策略

在军事和商业领域中,由多个自治域形成的协作群体对共有资源(如客体、应用程序以及服务等)的访问问题越来越受到重视.协作中的基本事实是:尽管这些自治域有共同的目标,但同时有不同的自身利益.为了有效地保护共有资源,把"信任"的概念引入了协作访问控制中,并在基于量化权限的思想上,提出了细粒度的协作访问控制策略.在该策略里,权限的使用形式是元权限,也就是单位权限,它是访问共有客体权限的一个划分,可为多个域中不同用户所拥有.当访问共有资源时,参与者们所拥有的元权限的值之和以及人数必须达到规定的权限门限值和人数值,并且访问时间是所有参与者的共同许可访问时间段,这使得可以对协作资源进行有效地分布控制.另外,还引入了元权限的使用时间段约束.最后,证明了该细粒度协作访问控制策略关于协作系统的状态转换是保持安全的.     

基于信任的动态多级访问控制模型

针对传统基于角色的访问控制(Role-Based Access Control, RBAC)系统中的访问资源共享伸缩性有限、安全性不足及权限需预先设定分配等问题，为了提高权限控制的兼容性，细化访问控制粒度，本文提出一种基于信任的动态多级访问控制模型(Trust-Based Dynamic Multi-level Access Control Model, TBDMACM)，通过用户的静态角色及动态信任度获得相应的权限授权，保证数据机密性和访问过程安全可控。实验结果表明，这种访问控制方式能够有效地防止恶意访问，较好地解决系统权限伸缩性问题。     

Secure resource sharing on cross-organization collaboration using a novel trust method

A virtual enterprise (VE) consists of a network of independent, geographically dispersed administrative business domains that collaborate with each other by sharing business processes and resources across enterprises to provide a value-added service to customers. Therefore, the success of a VE relies on full information transparency and appropriate resource sharing, making security and trust among subjects significant issues. Trust evaluation to ensure information security is most complicated in a VE involving cross-organization collaboration. This study presents a virtual enterprise access control (VEAC) model to enable resource sharing for collaborative operations in the VE. A scenario for authentication and authorization in the life cycle of a VE is then described to identify the main activities for controlling access. Also developed herein is a trust evaluation method based on the VEAC model to improve its security while safeguarding sensitive resources to support collaborative activities. The trust evaluation method involves two trust evaluation sub-models, one to evaluate the level of trust between two virtual enterprise roles, and another to measure the level of trust between two projects. The two sub-models support each other to make resource-sharing decisions, and are developed based on the concepts of direct, indirect, and negative trust factors. Finally, an example of measuring the trust between two subjects is demonstrated after introducing the two sub-models. The VEAC-based trust evaluation method enables the following: (1) secure resource sharing across projects and enterprises, (2) collaborative operation among participating workers, (3) increased information transparency and (4) lowered information delay in VEs.     

A secure collaboration service for dynamic virtual organizations

Nowadays, various promising paradigms of distributed computing over the Internet, such as Grids, P2P and Clouds, have emerged for resource sharing and collaboration. To enable resources sharing and collaboration across different domains in an open computing environment, virtual organizations (VOs) often need to be established dynamically. However, the dynamic and autonomous characteristics of participating domains pose great challenges to the security of virtual organizations. In this paper, we propose a secure collaboration service, called PEACE-VO, for dynamic virtual organizations management. The federation approach based on role mapping has extensively been used to build virtual organizations over multiple domains. However, there is a serious issue of potential policy conflicts with this approach, which brings a security threat to the participating domains. To address this issue, we first depict concepts of implicit conflicts and explicit conflicts that may exist in virtual organization collaboration policies. Then, we propose a fully distributed algorithm to detect potential policy conflicts. With this algorithm participating domains do not have to disclose their full local privacy policies, and is able to withhold malicious internal attacks. Finally, we present the system architecture of PEACE-VO and design two protocols for VO management and authorization. PEACE-VO services and protocols have successfully been implemented in the CROWN test bed. Comprehensive experimental study demonstrates that our approach is scalable and efficient.