Computer and Modernization (计算机与现代化)

• Applications and Development

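A New Access Control Model for Real Time Database Backup System Based on Quantified Action

  1. 1. NARI Group Corporation, Nanjing 210003, China;
    2. College of Computer Science, Nanjing Aeronautics & Astronautics University, Nanjing 211106, China
  • Received: 2017-03-31 Online: 2018-01-23 Published: 2018-01-24
  • About the authors: Liu Sai (刘赛, 1988-), male, born in Xuzhou, Jiangsu, engineer at NARI Group Corporation (State Grid Electric Power Research Institute), master's degree, research interests: information security, cloud disaster recovery; Nie Qingjie (聂庆节, 1975-), male, engineer, research interest: data backup; Liu Jun (刘军, 1979-), male, engineer, research interest: cloud computing; Li Dongmin (李东民, 1992-), male, master's student at the College of Computer Science, Nanjing Aeronautics & Astronautics University, research interests: database backup systems, access control; Li Jing (李静, 1976-), female, associate professor, Ph.D., research interests: trusted computing, database disaster recovery.
  • Funding:
    Science and Technology Project of State Grid Corporation of China Headquarters (0711-150TL173)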

Abstract: Real-time backup systems place strict constraints on the dynamics of access behavior. The shortcomings of traditional access control models in the granularity of model elements and the dynamic allocation of permissions further weaken the security of such systems. To address this problem, the concepts of temporal state and environment and a definition of the action model element are introduced to describe access activities, and a quantified action-based access control (QABAC) model for real-time database backup systems is proposed. The model introduces the concepts of quantified attribute and trust degree: quantification functions dynamically quantify the attributes to calculate the security degree of an access action, a trust degree is then assigned to the action according to the quantified result, and the trust degree is combined with the final authorization policy to decide whether a specific permission is granted to that action. Experimental results show that, compared with other traditional access control models, the QABAC model is more flexible and more secure, and is better suited to protecting databases in today's open and complex network environment.

Key words: access control, quantified action, fine-grained, dynamic authorization

CLC number: