摘要
如何选择权限的客体粒度是访问控制系统设计中的一个基本问题,然而目前在信息安全需求分析中,访问权限客体粒度的选择主要基于信息安全的一些原则和信息安全工程师的经验,缺少自动化的辅助工具,存在权限客体粒度值不可选择、灵活性差、权限粒度与系统需求不匹配的风险.基于多粒度决策系统理论,提出了一种访问控制系统中客体粒度决策模型(Object Granularity Decision Model in Access Control,OGDM),给出了访问权限的客体粒度值选取的度量标准和度量方法,也给出了权限客体最优粒度的选择算法.案例分析表明,OGDM的灵活性较高,方便选取最优客体粒度,为信息安全需求分析中的权限客体粒度选择工作提供了一种自动化的辅助决策算法.
How to choose the object granularity of permissions is a basic problem in the design of access control systems.However,in the analysis of information security requirements,the choice of access object granularity is mainly based on some principles of information security and the experience of information security engineers,Lacking the automated aids.There is a risk that the granularity of the object granularity is not selectable,the flexibility is poor,and the granularity of the rights and the system requirements do not match.Based on the theory of multi-granularity decision system,an object granularity decision model(OGDM)in access control is proposed,and the measurement and measurement methods of granularity selection of access rights objects are given.The selection algorithm of the optimal granularity of privileged objects is given.Case studies show that OGDM has high flexibility,and it is convenient to choose the optimal object granularity,which provides an automated decision algorithm for object granularity selection in information security requirements analysis.
作者
沈夏炯
薛钰
韩道军
张磊
SHEN Xiajiong;XUE Yu;HAN Daojun;ZHANG Lei(Key Laboratory of Big Data Analysis and Processing of Henan Province,Henan University,Henan Kaifeng475004,China;Institute of Data and Knowledge Engineering,Henan University,Henan Kaifeng475004,China)
出处
《河南大学学报(自然科学版)》
CAS
2020年第1期63-69,79,共8页
Journal of Henan University:Natural Science
基金
国家自然科学基金资助项目(61272545,61402149)
河南省科技攻关计划基金(142102210390,182102110065,182102210238)
河南省教育厅科技攻关计划基金联合资助项目(14A520026)
河南省教育厅科学技术研究重点项目(17B520006).
关键词
权限
客体粒度
多粒度决策系统
度量方法
决策算法
permission
object granularity
multi-granularity decision system
measurement method
decision algorithm
