"长城"安全政策的扩充研究及其实现

"长城"安全政策(Chinese Wall Security Policy,CWSP)是商业信息领域中重要的安全政策之一.但是Brewer-Nash提出的CWSP并不能很好地满足实际的需要.基于角色的访问控制(Role-Based Access Control,RBAC)模型是一种"政策中性(Policy Neutral)"的模型,被看作是最有可能替代传统的自主和强制访问控制模型的一种全新的模型,正越来越被信息安全领域所重视.本文首先介绍了RBAC和"长城"安全政策,然后根据实际应用对CWSP作了系统的扩充,最后本文系统地论述了基于RBAC的扩充CWSP的实现方法.

Research and Enforcement of Enhanced Chinese Wall Security Policy

Chinese Wall security policy (CWSP) is one of the most important security policies in commercial information area.But the CWSP proposed by Brewer and Nash can't fully meet the practical requirement.The role based access control (RBAC),a policy neutral model,has recently received considerable attention as a most promising alternative to traditional discretionary access control (DAC) and mandatory access control (MAC) models.RBAC and the Chinese Wall security policies are given,and expanded due to the practical application.The RBAC based method to expand CWSP is systematically discussed.Thus,the enhanced CWSP (ECWSP) is presented firstly.And then the method of configuring RBAC to enforce the ECWSP is systematically studied.