Similar literature
 Found 20 similar documents; search took 31 ms
1.
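Analysis of RBAC Separation-of-Duty Definitions and Implementation Models   Total citations: 1, self-citations: 0, citations by others: 1
Access control is one of the important problems in information security. The role-based access control (RBAC) model is now widely accepted and has become a research hotspot for experts and scholars in the field. Separation of duty (SoD) is an important aspect of RBAC: it provides a powerful mechanism for enforcing high-level organizational security policies, and the RBAC SoD definitions give the specific content of the various SoD constraints. Models implementing RBAC SoD constraints keep appearing in response to different SoD requirements. Choosing a suitable access control model for the actual needs of an application system requires understanding the characteristics of each model; this paper analyzes the characteristics of the different SoD models in RBAC and points out their scope of application.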

2.
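Taking attributes as authorization constraints, an attribute-extended RBAC model is given. An OWL-based method for defining and representing attribute RBAC policies is proposed. The method supports the definition of complex attribute expressions, partial orders over attribute values, role hierarchies, and constraints; with the support of a reasoner, it can perform access control decision reasoning, determination of dominance relations between attribute expressions, and consistency checking of policy knowledge. A concrete application case illustrates the feasibility of the method.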

3.
Ubiquitous e-business is one of the major topics in intelligent manufacturing systems. A ubiquitous e-business environment requires security features including access control. Traditional access control models such as access control list (ACL), mandatory access control (MAC), and role-based access control (RBAC) are unsuitable for a ubiquitous e-business environment because they cannot satisfy its requirements. In this study, we propose a new access control model termed the Ubi-RBAC model. It is based on the RBAC model and adds new components such as space, space hierarchy, and context constraints. Ubi-RBAC covers the context awareness and mobility of subjects (human users), which are the key issues of access control in the ubiquitous e-business environment.

4.
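Role delegation between users is an important security policy that the RBAC model needs to support. Its main idea is that a user in the system delegates a role to another user so that specific work can be carried out in the former's name. An ontology model of the RBAC delegation model is built, and rules defined in SWRL (Semantic Web Rule Language) are used to reason about delegation restrictions such as mutual-exclusion, temporal, repetition, and prerequisite-role restrictions, ensuring the security and autonomous decision-making of the delegation system.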

5.
With the increasing adoption of role-based access control (RBAC) in business security, role mining technology has been widely applied to aid the process of migrating a non-RBAC system to an RBAC system. However, because it is hard to deal with a variety of constraint conflicts at the same time, none of the existing role mining algorithms can simultaneously satisfy various constraints that usually describe organizations’ security and business requirements. To extend the ability of role mining technology, this paper proposes a novel role mining approach using answer set programming (ASP) that complies with constraints and meets various optimization objectives, named constrained role miner (CRM). Essentially, the idea is that ASP is an approach to declarative problem solving. Thus, either to discover RBAC configurations or to deal with conflicts between constraints, ASP programs do not need to specify how answers are computed. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results.

6.
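Wang Ting, Chen Xingyuan, Zhang Bin, Ren Zhiyu, Wang Lu. Journal of Computer Applications (《计算机应用》), 2011, 31(7): 1884-1886
Static separation of duty (SSOD) is an important policy for ensuring computer security. In role-based access control (RBAC), it is difficult to enforce the simplest SSOD policy (2-n SSOD) directly using mutually exclusive role constraints (2-2 SMER). By constraining the permission assignment of mutually exclusive roles, a sufficient condition for enforcing 2-n SSOD policies based on 2-2 SMER is studied and proved; compared with existing work, this sufficient condition is less restrictive and supports more flexible permission assignment. Authorization management operation rules for enforcing 2-n SSOD policies are further given, to ensure that dynamic permission management always satisfies this sufficient condition and that the system remains in a state satisfying the 2-n SSOD policy. Finally, an application example illustrates the effectiveness and feasibility of the method for enforcing 2-n SSOD policies.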

7.
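Based on a study of the role-based access control (RBAC) model and its extensions, this paper proposes a mandatory spatio-temporal-constraint and role-based access control model (MSTRBAC) suitable for e-government systems. The model introduces mandatory authorization, temporal constraints, and spatial constraints into RBAC, and features complete security, flexible authorization, and simple implementation.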

8.
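RBAC models that support spatial characteristics describe a variety of spatial constraints. These constraints not only express fine-grained spatial semantics in location-aware systems but also add spatial security description capability to the model. Whether spatial constraints can be enforced accurately directly affects the functionality and overhead of the application system. This paper studies two enforcement strategies for spatial separation of duty (SSoD) constraints: (1) direct enforcement and (2) indirect enforcement. It proves that direct enforcement is an NP-complete problem, whereas indirectly enforcing SSoD through mutually exclusive spatial role (MESR) constraints is effective. Multiple MESR constraints can enforce the same SSoD; comparison shows that using the minimal MESR constraint as the enforcement mechanism effectively avoids redundant constraints and enforces the SSoD precisely. To obtain the minimal MESR constraints, the paper gives the GEN-MESR algorithm.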

9.
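Design and Implementation Based on Layered Objectified RBAC   Total citations: 1, self-citations: 0, citations by others: 1
The function of a security kernel is to maintain the security of information inside the system. Different security policies are usually enforced in the security kernel according to different security requirements. RBAC is an access control mechanism that can meet many of a system's security requirements. When the operation set of a role is changed, traditional RBAC easily conflicts with external applications. By turning the operations that access internal system information into objects and assigning them to applications as roles, deriving a role-permission checking object between the objectified operations and the applications, and applying layered object techniques flexibly, the shortcomings of traditional RBAC can be overcome, so that the RBAC security policy can be changed arbitrarily.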

10.
Security analysis is a formal verification technique to ascertain certain desirable guarantees on the access control policy specification. Given a set of access control policies, a general safety requirement in such a system is to determine whether a desirable property is satisfied in all the reachable states. Such an analysis calls for the use of formal verification techniques. While formal analysis on traditional Role Based Access Control (RBAC) has been done to some extent, recent extensions to RBAC lack such an analysis. In this paper, we consider the temporal RBAC extensions and propose a formal technique using timed automata to perform security analysis by analyzing both safety and liveness properties. Using safety properties one ensures that something bad never happens while liveness properties show that some good state is also achieved. GTRBAC is a well-accepted generalized temporal RBAC model which can handle a wide range of temporal constraints while specifying different access control policies. Analysis of such a model involves a process of mapping a GTRBAC based system into a state transition system. Different reduction rules are proposed to simplify the modeling process depending upon the constraints supported by the system. The effect of different constraints on the modeling process is also studied.

11.
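OCL Description of Constraints in the Role-Based Access Control Model   Total citations: 4, self-citations: 1, citations by others: 4
Wang Zhuo, Feng Shan. Computer Engineering and Applications (《计算机工程与应用》), 2003, 39(21): 100-102, 109
The role-based access control (RBAC) model has attracted growing research interest thanks to its flexible authorization mechanism, powerful management functions, and comprehensive security policies. As research has deepened, object-oriented methods have gradually been applied to the model, promoting its rapid development. UML, as a powerful modeling language, is not limited to supporting object-oriented analysis and design; it also supports the whole software development process starting from requirements analysis, and describing a theoretical model in UML allows it to be applied more intuitively to actual system development. This paper uses UML's Object Constraint Language (OCL) to describe the relevant constraints in RBAC, making constraint descriptions more standardized, helping system developers understand the model, and promoting system development based on the RBAC model.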

12.
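The rapid development of information technology poses new challenges to information security. Classical role-based access control (RBAC) lacks temporal and spatial constraints, so the RBAC model cannot meet the new security requirements of information systems. On the basis of RBAC, a definition of the spatio-temporal domain is introduced, temporal and spatial constraints are imposed on each element of the model, and a role-based access control model with spatio-temporal constraints (TSRBAC) is proposed. TSRBAC is described formally, spatio-temporal role inheritance and spatio-temporal separation of duty are defined, and a spatio-temporal access control algorithm is given.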

13.
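As operating system security problems increase, users' security requirements for operating systems keep emerging, but there are currently few methods for converting users' security requirements into security policies configurable on existing operating systems. By establishing a matching relationship between security attributes and system calls, and using security attributes as constraints on authorizing system calls, an ontology-based, goal-oriented model for generating operating system security policies is proposed. The model supports refinement of security requirements described as whitelists, incorporates the experience of security analysts into the model, and, with the support of a reasoner, helps perform reasoning from user security requirements to concrete security policies as well as consistency checking of security policies. A concrete application case illustrates the feasibility of the method.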

14.
Abstract: In this paper the Web Ontology Language (OWL) is examined to instantiate expert system knowledge bases intended for semantic Web applications. In particular, OWL is analyzed for expressing Unified Modeling Language (UML) representations that have been augmented with propositional logic asserted as inter‐link constraints. The motivation is ultimately to provide declarative propositional logic constraints that can be represented in UML and declaratively implemented using OWL and other constructs to realize semantic Web knowledge base repositories and databases to facilitate expert system applications. The results of this paper show that OWL is sufficient for capturing most inter‐link constraints asserted on generalization/specialization instances; however, OWL alone is inadequate for representing some inter‐link constraints asserted on associations. We propose enhancements to OWL via RDF extensions for the reification of associations into classes. These extensions mitigate all concerns that were identified in OWL as part of this study. The result is increased support of declarative constraint representations, which can be expressed in knowledge bases in the context of the semantic Web.

15.
In a multilevel secure distributed database management system, users cleared at different security levels access and share a distributed database consisting of data at different sensitivity levels. An approach to assigning sensitivity levels, also called security levels, to data is one which utilizes constraints or classification rules. Security constraints provide an effective classification policy. They can be used to assign security levels to the data based on content, context, and time. We extend our previous work on security constraint processing in a centralized multilevel secure database management system by describing techniques for processing security constraints in a distributed environment during query, update, and database design operations.

16.
Model-driven architecture (MDA) supports model-centred software development via successive model transformation. In MDA, the reusability of models is improved as well as the traceability of requirements. Agent-oriented model-driven architecture (AMDA) associates adaptive agents with a business-oriented interaction model and lets agents dynamically interpret their behaviour from the continuously maintained model via which the current business needs are deployed at runtime. The continuous re-interpretation rather than discrete re-transformation of models means immediate requirements deployment after re-configuration, no system down time being required to affect changes and results in a development process that is oriented to business experts rather than developers. Adopting the adaptive agent model, an AMDA paradigm, we put forward a security-aware model-driven mechanism by using an extension of the role-based access control (RBAC) model. For this purpose, the concept of agent role proposed in agent-oriented software engineering (AOSE) is integrated with the one proposed in RBAC. Agent duties are specified in an interaction model and describe the roles that agents can play to fulfil their functional responsibilities. Agent rights are specified in a security policy rule model attached to the interaction model and describe constraints upon agent capabilities caused by their associated social roles. The role-based interaction and policy-driven model incorporates both agent rights and duties. Hence, functional requirements and non-functional security constraint requirements are put together, related by the concept of role. Consequently, agents can continuously use the re-configurable model to play their roles in order to fulfil their responsibilities, and at the same time respect the security constraints. The major contribution from the approach is a method for building adaptive and secure MAS, following model-driven architecture. The approach is illustrated with an actual British railway management system.

17.
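Application of Role-Based Access Control in the Manufacturing Industry   Total citations: 2, self-citations: 0, citations by others: 2
Role-based access control (RBAC) is an effective access control approach for implementing enterprise-oriented security policies. The paper first introduces the RBAC policy; then, guided by it and taking a ship design process management system as an example, it analyzes the system's security requirements in detail and designs several RBAC elements suited to the application; finally, it gives a concrete scheme for implementing RBAC.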

18.
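Role delegation is an important security policy that the RBAC model needs to support. Its main idea is that an active entity in the system delegates a role to another active entity so that specific work can be carried out in the former's name. A basic role delegation model is proposed. On the basis of this model and starting from applications, it is extended with temporal constraints, partial delegation constraints, role dependency constraints, and delegation restrictions for the hierarchical role model; a method for revoking delegated permissions is given, laying a foundation for applying the model in real environments.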

19.
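The "Chinese Wall" security policy model is one of the important security policy models in the commercial information field. It cleverly combines free choice with mandatory access control, offering the flexibility of discretionary control while still restricting access operations. However, the "Chinese Wall" security policy model still cannot fully meet practical needs and has certain shortcomings. Therefore, temporal constraints, separation-of-duty constraints, and cardinality constraints are added to extend the "Chinese Wall" security policy model, and a "Chinese Wall" security policy model with constraints is proposed.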

20.
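A pervasive computing environment is a fusion of information space and physical space, in which there is a tension between achieving a high degree of information sharing and collaboration and guaranteeing security and privacy. This paper proposes a dynamic, semantic security policy management mechanism for pervasive computing environments. A unified ontology knowledge base is introduced; as the context changes, the policy service and event service are adjusted dynamically through the ontology service, achieving dynamic policy enforcement. The policy management framework, dynamic policy enforcement, and policy specification of the mechanism are described. A typical pervasive computing application scenario is used to analyze and illustrate how the mechanism is applied.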
