多域安全互操作的可管理使用控制模型研究

多域环境的异构、动态和区域自治的特点为安全互操作访问控制研究提出了新的挑战。近来在多域安全互操作访问控制方面做了大量研究,大多在单域内基于角色访问控制的前提下,将外域角色映射到本地角色来实现访问控制,在外域和本地角色的管理上缺乏系统化的统一。本文提出了可管理的使用控制模型,对外域和本地用户角色指派进行统一管理,弥补了原有模型的安全漏洞。该模型提供了足够的灵活性,可以区分外域用户和本地用户,并且对外域用户实施更为严格的控制,同时保留了传统 RBAC 模型的优点。该访问控制模型正在实践中实施。

Administrative Usage Control Model for Secure Interoperability between Administrative Domains

The heterogeneous,dynamic and self-governing in local domain nature of multi-domains environments intro- duces challenging security issues.Despite the recent advances in access control approaches applicable to secure interop- erability between multi-domains,there remain issues that to perform role-based access control model in one domain and implement security interoperability by translating role of foreign domain to local role.Amongst them are the lacks of u- niform administration for role of foreign and local domain.In this paper,we present an access control scheme that re- solve these issues,and propose a Administrative Usage Control(AUCON)framework which corrects the security shortcoming of previous model and administrates user-role assignment for local and foreign domain with untie method. The AUCON model provides flexible enough mechanism to distinguish user of foreign and local domain and enforces more strict control for foreign user.While retaining the advantages of traditional RBAC model.AUCON model is being implemented in our experiment.