基于危机事件的自适应访问控制模型

doi:10.3969/j.issn.1006-2475.2019.08.018

计算机与现代化

基于危机事件的自适应访问控制模型

（南京航空航天大学计算机科学与技术学院，江苏南京211106）

收稿日期:2019-01-29 出版日期:2019-08-15 发布日期:2019-08-16
作者简介:杨阳(1994-)，男，安徽铜陵人，硕士研究生，研究方向：系统安全性和访问控制，E-mail： yychopper@163.com；曹彦(1985-)，女，河南许昌人，博士研究生，研究方向:信息安全。
基金资助:
国家自然科学基金资助项目(61772270)

Adaptive Access Control Model Based on Hazardous Events

(College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China)

Received:2019-01-29 Online:2019-08-15 Published:2019-08-16

摘要/Abstract

摘要： 访问控制作为一种限制用户对资源使用的技术，常用于应用系统中提供一定的资源保护能力，通过对资源请求者的自身条件、使用条件、使用义务等要素进行约束，来限制资源请求者的行为。在复杂系统中，通常使用访问控制技术来对系统中的可访问资源进行管理。当系统中有危机事件发生时，传统的访问控制模型难以给动态变化的系统环境提供足够的灵活程度。本文提出一种基于危机事件的自适应访问控制模型，接着给出模型的动态调整方法，最后基于案例对模型动态调整过程中可能产生的策略冲突问题进行分析，确定策略冲突的消解规则。

关键词: 访问控制, 危机事件, 自适应调整, 策略冲突消解

Abstract: Access control is a technology that restricts the use of resources. It is often used to provide certain resource protection capabilities in application systems. It restricts the behavior of resource requesters by restricting their own conditions, use conditions and use obligations. In complex systems, access control technology is usually used to manage the accessible resources. When there are hazardous events in the system, traditional access control model can not provide enough flexibility for the dynamic system environment. In this paper, an adaptive access control model based on hazardous events is proposed, then the dynamic adjustment method of this model is given. Finally, the possible policy conflicts in the process of dynamic adjustment of the model are analyzed based on a case, and the resolution rules of the policy conflicts are determined.

Key words: access control, hazardous events, adaptive adjustment, policy conflict resolution

中图分类号:

TP311

杨阳，曹彦. 基于危机事件的自适应访问控制模型[J]. 计算机与现代化, doi: 10.3969/j.issn.1006-2475.2019.08.018.

YANG Yang, CAO Yan. Adaptive Access Control Model Based on Hazardous Events[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2019.08.018.

参考文献

［1］ SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models［J］. Computer, 1996,29(2):38-47.
［2］ SNYDER L. Formal models of capability-based protection systems［J］. IEEE Transactions on Computers, 1981(3):172-181.
［3］ FERRAIOLO D F, KUHN D R. Role-based access control［C］// The 15th National Computer Security Conference. 1992:554-563.
［4］ THOMAS R K, SANDHU R. Task-based authorization controls (TBAC): A family of models for activeand enterprise-oriented authorization management［C］// Proceedings of the IFIP WG11.3 Workshop on Database Security. 1997:166-181.
［5］ THOMAS R. Team-based access control (TMAC): A primitive for applying role-based access controlsin collaborative environments［C］// The 2nd ACM Workshop on Role-based Access Control. 1997:13-19.
［6］ ARDAGNA C A, CREMONINI M, DAMIANI E, et al. Supporting location-based conditions in access control policies［C］// 2006 ACM Symposium on Information, Computer and Communications Security. 2006:212-222.
［7］ RAY I, KUMAR M, YU L. LRBAC: A location-aware role-based access control model［C］// International Conference on Information Systems Security. 2006:147-161.
［8］ COVINGTON M J, SASTRY M R. A contextual attribute-based access control model［C］// Proceedings of 2006 International Conferences on “On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET”. 2006:1996-2006.
［9］ CHAKRABORTY S, RAY I. TrustBAC: Integrating trust relationships into the RBAC model for access control in open systems［C］// The 11th ACM Symposium on Access Control Models and Technologies. 2006:49-58.
［10］张强,郑洪源,丁秋林. 基于任务和角色的工作流多约束访问控制模型［J］. 计算机与现代化, 2011(12):9-12.
［11］邓瑞芝,祝胜林. 空间数据库的访问控制技术［J］. 计算机与现代化, 2010(1):136-139.
［12］CASTIGLIONE A, SANTIS A D, MASUCCI B, et al. Hierarchical and shared access control［J］. IEEE Transactions on Information Forensics & Security, 2016,11(4):850-865.
［13］黄姝娟,朱怡安,高武奇,等. 双重触发的嵌入式系统内核安全访问控制［J］. 计算机与现代化, 2018(5):83-89.
［14］李凤华,王彦超,殷丽华,等. 面向网络空间的访问控制模型［J］. 通信学报, 2016,37(5):9-20.
［15］VENKATASUBRAMANIAN K K, MUKHERJEE T, GUPTA S K S. CAAC：An adaptive and proactive access control approach for emergencies in smart Infrastructures［J］. ACM Transactions on Autonomous & Adaptive Systems, 2014,8(4):20.
［16］BAKAR A A, GHAPAR A A, ISMAIL R. Access control and privacy in MANET emergency environment［C］// IEEE International Conference on Computer & Information Sciences. 2014.
［17］SCHEFER-WENZL S, STREMBECK M. Generic support for RBAC break-glass policies in process-aware information systems［C］// ACM Symposium on Applied Computing. 2013:1441-1446.
［18］DANIEL D L, GINS D T, FLIX G M, et al. Dynamic counter-measures for risk-based access control systems: An evolutive approach［J］. Future Generation Computer Systems, 2016,55(C):321-335.
［19］PENG Y, SONG Y, JU H, et al. Study of cross-domain access control among emergency organizations based on position-mapping［J］. Computer Engineering, 2014(6):104-108.
［20］倪川. 支持协作危机管理的ABAC扩展模型研究［D］. 南京：南京航空航天大学, 2015.
［21］FUGINI M, TEIMOURIKIA M. Risks in smart environments and adaptive access controls［C］// The 4th IEEE International Conference on Innovative Computing Technology. 2014:97-102.
［22］林莉,怀进鹏,李先贤. 基于属性的访问控制策略合成代数［J］. 软件学报, 2009,20(2):403-414.

[1]	古丽博斯坦·阿克木, 努尔买买提·黑力力. 支持动态策略变化的ABAC决策回收[J]. 计算机与现代化, 2022, 0(10): 47-54.
[2]	刘铮, 吴柯桦, 叶春晓. 增强安全的云存储数据访问控制方案[J]. 计算机与现代化, 2021, 0(10): 119-126.
[3]	李文全, 徐素萍. 基于地理信息的旅游资源信息库系统[J]. 计算机与现代化, 2021, 0(08): 100-103.
[4]	刘雪贞, 崔艳, 邓小飞, 彭杰. 支持权限管理的高效属性撤销机制[J]. 计算机与现代化, 2021, 0(07): 95-101.
[5]	赵微, 秦砺寒, 运晨超. 基于Portal认证技术的科技成果数据跨平台访问控制[J]. 计算机与现代化, 2021, 0(07): 102-106.
[6]	孙广成, 李洪赭, 李赛飞, 张晓薇. 基于区块链的物联网访问控制系统[J]. 计算机与现代化, 2020, 0(11): 100-108.
[7]	薛寒星1,2，尤佳莉1,2，王劲林1,2. 异构边缘网络中内容扩散策略及优化[J]. 计算机与现代化, 2020, 0(01): 34-.
[8]	缪思薇1，余文豪1，姚峰2，高婧3. 针对PLC访问控制的安全分析[J]. 计算机与现代化, 2019, 0(09): 41-.
[9]	张芃,周良. 基于信任的动态多级访问控制模型[J]. 计算机与现代化, 2019, 0(07): 116-.
[10]	张兴兰,李建楠. 支持高效撤销的属性加密方案[J]. 计算机与现代化, 2018, 0(07): 114-.
[11]	陈成，努尔买买提·黑力力. 基于CP-ABE的隐藏属性外包解密访问控制[J]. 计算机与现代化, 2018, 0(05): 74-.
[12]	刘赛1,聂庆节1,刘军1,李东民2,李静2. 基于量化行为的实时数据库备份系统访问控制模型[J]. 计算机与现代化, 2018, 0(01): 116-122.
[13]	史庭俊,张颖杰. #br# 云存储中基于属性的密文策略访问控制方法[J]. 计算机与现代化, 2017, 0(7): 111-116.
[14]	韦明伦，吕鑫，徐淑芳，王龙宝，李水艳，平萍，马鸿旭，刘璇. 一种支持属性撤销的ABE高效数据共享方案[J]. 计算机与现代化, 2016, 0(2): 66-71.
[15]	季开伟,乐红兵. 规则引擎在访问控制中的研究与应用[J]. 计算机与现代化, 2015, 0(8): 75-79.

基于危机事件的自适应访问控制模型

Adaptive Access Control Model Based on Hazardous Events

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价