Abstract
Access control is one of the core technologies of network information system security. To address the authorization requirements of trust-based access control in open networks, this paper proposes a Risk Minimization Authorization Model based on Knowledge Discovery (RMAM-KD), a trust-permission model, and formally defines its elements, relationships, constraints and rules, and authorization policies. The RMAM-KD model introduces the concepts of trust and risk, divides permissions at a fine granularity, takes the attributes of the entities involved in an interaction, together with their trust values and risk values, as an important basis for authorization decisions, and adds time constraints, so that it better supports dynamic authorization. Finally, an application example of RMAM-KD authorization and a security analysis are given, which show that the RMAM-KD model can effectively guarantee secure access to object resources.
Source
Computer Engineering & Science (《计算机工程与科学》)
CSCD
Peking University Core Journals
2015, Issue 11, pp. 2112-2120 (9 pages)
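Funding
National Natural Science Foundation of China (61272500)
National 863 Program of China (2015AA011103)
Beijing Natural Science Foundation (4142008)
Shandong Provincial Natural Science Foundation (ZR2013FQ024)
Shandong Province Science and Technology Development Plan (2013RKA08007, 2014RKB14122)
Shandong Province Higher Education Science and Technology Program (J12LN70, J14LN80)
Open Project of the State Key Laboratory of Digital Publishing Technology, Peking University Founder Group Co., Ltd.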
Keywords
access control
authorization
trust
risk
knowledge discovery