CSCW系统访问控制模型及其基于可信计算技术的实现

现有的CSCW访问控制策略模型缺少时间和约束特性，在实现上也未能较好地解决开放网络下的身份伪装和欺骗问题，以及影响安全策略完整性实施的软硬件平台可信问题。本文基于角色一活动概念提出了一种具有时间依赖和约束特征的CSCW访问控制模型Fine-grained Access Control for CSCW，从而能够定义更为精确细致的安全策略；在模型实现中给出了Trusted Computing-enabled Access Control架构以及关键的策略分发和实施协议等。该方法通过建立完整的协作实体-CSCW平台-应用信任链，构建了可信的访问控制平台，增强了协作实体的身份鉴别，并通过角色相关策略的分发和在本地协作站点上的完整性实施，减轻了服务器端集中式执行安全策略的负担。

Access Control Model for CSCW System and Implementation Based on Trusted Computing Technology

Access control policies and models available lack of temporal characteristic, and do not well solve the question of identity disguise and cheat in open network, as well as platform trustworthy question effecting on security policies integrity enforcement. This paper presented an role-activity-based access control with time-dependent and constraints features for CSCW, called as Fine-grained Access Control for CSCW, which could define more precise security policies; Trusted Computing-enabled Access Control architecture and key policies dissemination and enforcement protocols are addressed. The method constructs CSCW trustworthy access control platform and strengthens cooperative entity identification, through creating integrated cooperative entity-CSCW platform-application trustworthy chain, as well as easing centralized policy server using partial related policies distribution and integrity enforcement in local workstation.