Access Control Model Based on the Security Evaluation of Subject and Object (Chinese-language record)
Cite this article: Luo Jun, Liu Jiayong, Gong Xun, Hu Yong. Access Control Model Based on the Security Evaluation of Subject and Object [J]. Journal of Sichuan University (Engineering Science Edition), 2011, 43(6): 140-147
Authors: Luo Jun, Liu Jiayong, Gong Xun, Hu Yong
Affiliations: 1. Institute of Information Security, Sichuan University, Chengdu, Sichuan 610041
2. College of Computer Science, Sichuan University, Chengdu, Sichuan 610065
Funding: Project supported by the China Information Technology Security Evaluation Center (中国信息安全测评中心)
Abstract: Starting from the security of the subject and the object of an access action, this paper proposes an access control model based on the security evaluation of subject and object. It defines the concepts of user security degree, resource security degree, user security level, resource security level and operation level, together with the relationships among them, and gives the condition formula that a user must satisfy in order to access a given system resource with a given operation. The security evaluation value of the device hosting the accessed object is obtained as the weighted sum of the threat, vulnerability and environmental-security evaluation values; this value is the object security degree. The subject security degree of an access action depends on the security of the physical device the user is using, the user's compliance in the use of resources, the user's historical behaviour, third-party evaluations of the user, and the level of the user's identity credential. Methods for estimating these five factors are discussed, and the subject security degree is obtained as their weighted sum. Finally, the access control model was validated experimentally in a practical deployment. The statistics show that, compared with an access control system based on a firewall and intrusion detection, the system based on subject/object security evaluation exhibits a marked decrease in security events in both total number and severity.

Keywords: access control; subject; object; security degree; security level
Received: 2011-07-09
Revised: 2011-09-21

Access Control Model Based on the Security Evaluation of Subject and Object
Luo Jun,Liu Jiayong,Gong Xun and Hu Yong. Access Control Model Based on the Security Evaluation of Subject and Object[J]. Journal of Sichuan University (Engineering Science Edition), 2011, 43(6): 140-147
Authors:Luo Jun  Liu Jiayong  Gong Xun  Hu Yong
Affiliation: Institute of Information Security, Sichuan University; College of Computer Science, Sichuan University
Abstract: An access control model based on the security evaluation of subject and object is proposed in this paper. First, the key concepts and their relationships are defined: user (subject) security degree, resource (object) security degree, user security level, resource security level, and operation level. A formula is then given for the condition, stated from the security point of view, that a user must satisfy when accessing a given system resource with a given operation. The object security degree is determined by the security evaluation value of the device on which the accessed resource resides, which equals the weighted sum of the evaluation values for threat, vulnerability and environmental security. The user security degree is determined by five factors: the security of the physical device used by the user, the user's compliance in the use of resources, the user's historical behaviour, the evaluation of the user by a third party, and the identity credential class. Methods for computing the values of these five factors are discussed, and the subject security degree is their weighted sum. Finally, the proposed access control model is verified in a practical deployment. The experimental statistics show that, compared with an access control system relying on a firewall and IDS, the system based on the proposed model shows a clear decrease in both the total number and the severity of security events.
Keywords: access control; subject; object; security degree; security level
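To make the structure of the model concrete, the following Python sketch (an added illustration, not the authors' code) computes an object security degree from threat, vulnerability and environment values and a subject security degree from the five user-side factors, maps both to discrete levels, and applies a decision rule. The weights, the level thresholds and the decision rule (subject level must reach both the object level and the operation level) are assumptions; the paper's own condition formula and weights are not reproduced on this page.

```python
# Hypothetical weights for the object-side factors named in the abstract.
# Every factor is an evaluation value in [0, 1], where 1 is most secure.
OBJECT_WEIGHTS = {"threat": 0.4, "vulnerability": 0.4, "environment": 0.2}

# Hypothetical weights for the five subject-side factors named in the abstract.
SUBJECT_WEIGHTS = {
    "device_security": 0.25,      # security of the physical device in use
    "resource_compliance": 0.20,  # compliance in the use of resources
    "history": 0.20,              # the user's historical behaviour
    "third_party_rating": 0.15,   # evaluation of the user by a third party
    "credential_class": 0.20,     # identity credential class
}

# Assumed thresholds mapping a degree to levels 3, 2, 1 (below 0.4 is level 0).
LEVEL_THRESHOLDS = ((3, 0.8), (2, 0.6), (1, 0.4))


def weighted_degree(values, weights):
    """Security degree = weighted sum of factor values.

    Rejects missing/unknown factors and out-of-range values so a malformed
    evaluation cannot silently inflate a degree.
    """
    if set(values) != set(weights):
        raise ValueError(f"expected factors {sorted(weights)}, got {sorted(values)}")
    for name, v in values.items():
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {v}")
    return round(sum(weights[k] * values[k] for k in weights), 4)


def degree_to_level(degree):
    """Map a continuous degree to a discrete security level (assumed mapping)."""
    for level, floor in LEVEL_THRESHOLDS:
        if degree >= floor:
            return level
    return 0


def access_permitted(subject_factors, object_factors, operation_level):
    """Assumed decision rule: the subject's level must be at least the
    object's level and at least the level required by the operation."""
    subject_level = degree_to_level(weighted_degree(subject_factors, SUBJECT_WEIGHTS))
    object_level = degree_to_level(weighted_degree(object_factors, OBJECT_WEIGHTS))
    return subject_level >= object_level and subject_level >= operation_level
```

With the constructed inputs used in the checks, a user whose device, compliance, history, rating and credential score 0.9/0.8/0.7/0.6/0.9 reaches level 2, so a level-2 operation on a level-2 object is allowed while a level-3 operation is denied.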
This article is indexed in CNKI, Wanfang Data and other databases.