
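A Fine-Grained Coalition Access Control Policy for Jointly-Owned Resources in Collaborative Environments
Cite this article: LEI Hao, HUANG Jian, FENG Deng-Guo. A Fine-Grained Coalition Access Control Policy for Jointly-Owned Resources in Collaborative Environments [J]. Journal of Software (软件学报), 2005, 16(5): 1000-1011.
Authors: LEI Hao, HUANG Jian, FENG Deng-Guo
Affiliation (all three authors): State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60273027; the National Grand Fundamental Research Program of China (973 Program) under Grant No. G1999035802; the National Science Fund for Distinguished Young Scholars under Grant No. 60025205; the Hi-Tech Research and Development Program of China (863 Program) under Grant No. 2004AA147070
Abstract: In the military and commercial domains, access to jointly-owned resources (such as objects, applications, and services) by coalitions formed from multiple autonomous domains is receiving increasing attention. The basic fact of collaboration is that, although these autonomous domains share a common goal, each also has its own distinct interests. To protect jointly-owned resources effectively, the notion of "trust" is introduced into coalition access control, and a fine-grained coalition access control policy is proposed based on the idea of quantified permissions. In this policy, permissions are used in the form of meta-permissions, i.e., unit permissions; a meta-permission is one share of a partition of the access permission to a jointly-owned object and can be held by different users in multiple domains. When a jointly-owned resource is accessed, the sum of the meta-permission values held by the participants and the number of participants must both reach the prescribed permission threshold and participant count, and the access time must fall within the common permissible access time span of all participants; this allows coalition resources to be controlled effectively in a distributed manner. In addition, a constraint on the time span during which a meta-permission may be used is introduced. Finally, the fine-grained coalition access control policy is proven to preserve security with respect to state transitions of the coalition system.

Keywords: coalition; trust; meta-permission; permissible time span of meta-permission
Received: 2004/2/27
Revised: 2004/7/27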

A Fine-Grained Coalition Access Control Policy for Jointly-Owned Resources in Collaborative Environments
LEI Hao, HUANG Jian and FENG Deng-Guo. A Fine-Grained Coalition Access Control Policy for Jointly-Owned Resources in Collaborative Environments [J]. Journal of Software, 2005, 16(5): 1000-1011.
Authors: LEI Hao, HUANG Jian and FENG Deng-Guo
Abstract: Joint access to shared resources (e.g., objects, applications, and services) among autonomous domains that form a coalition has recently become important in both military and commercial areas. The basic fact of a coalition is that these domains have different self-interests although they focus on achieving a common goal. In this paper, to enable effective protection of jointly-owned resources, the notion of trust is built into coalition access control, and a fine-grained access control policy based on the idea of quantifying permissions is proposed. In this policy a permission is used in the form of a meta-permission, which is a share of the access permission to coalition resources and is owned by users in multiple domains. When jointly-owned resources are accessed, the sum of the participants' meta-permission values must attain a predefined permission quantity called the "permission-threshold", and the number of participants must attain an assigned participant number. In addition, the permissible time span of each meta-permission is taken into account to achieve the above goals, and the access request time must fall into the participants' common permissible time span. Doing this enables the coalition to retain control over access to coalition resources in distributed environments. Lastly, the policy is proven to preserve security with respect to state transitions.
Keywords: coalition; trust; meta-permission; permissible time span of meta-permission
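
The access decision the abstract describes, written out as an added Python example; it is not code from the paper. The class and field names, integer share values, same-day half-open time spans, and the rule that one user counts only once are assumptions made here.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class MetaPermission:
    user: str
    domain: str
    value: int    # this holder's share of the full access permission
    start: time   # permissible time span is [start, end), same day (assumption)
    end: time

@dataclass(frozen=True)
class ObjectPolicy:
    permission_threshold: int  # required sum of meta-permission values
    min_participants: int      # required number of participants

def common_span(shares):
    """Intersection of all participants' permissible spans, or None if empty."""
    if not shares:
        return None
    start = max(s.start for s in shares)
    end = min(s.end for s in shares)
    return (start, end) if start < end else None

def decide(policy, shares, request_time):
    """Return (granted, reason) for one joint access request."""
    # Assumption: a user may contribute one meta-permission per request,
    # so the same holder cannot be counted twice toward the headcount.
    if len({s.user for s in shares}) != len(shares):
        return False, "duplicate participant"
    if len(shares) < policy.min_participants:
        return False, "too few participants"
    if sum(s.value for s in shares) < policy.permission_threshold:
        return False, "permission threshold not reached"
    span = common_span(shares)
    if span is None or not (span[0] <= request_time < span[1]):
        return False, "outside common permissible time span"
    return True, "granted"

# Constructed sample data: three users from three autonomous domains.
POLICY = ObjectPolicy(permission_threshold=5, min_participants=2)
ALICE = MetaPermission("alice", "domA", 3, time(8), time(18))
BOB = MetaPermission("bob", "domB", 2, time(12), time(20))
CAROL = MetaPermission("carol", "domC", 1, time(19), time(23))

if __name__ == "__main__":
    print(decide(POLICY, [ALICE, BOB], time(13)))
    print(decide(POLICY, [ALICE, BOB, CAROL], time(19, 30)))
```

Adding a participant raises the value sum but can shrink the common time span to nothing, as the second call shows.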
This article is indexed in CNKI, VIP (维普), Wanfang Data (万方数据) and other databases.