摘要
应用区域边界安全系统是一个关防系统,它在使用过程中能否达到保护应用环境安全的目标是由其安全授权规则集的完备性和一致性及对其授权的简便性决定的。应用环境中的主体是通过各种不同的应用协议对客体进行访问的,它们在通过应用区域边界安全系统时,应用区域边界安全系统将根据安全授权规则集对其访问请求进行检验,若满足安全授权规则集要求,则允许通过,反之拒绝。因此,我们根据访问请求所涉及的主体、客体、协议、安全策略等部件,给出了应用区域边界授权的体系结构,同时在给出刻画它们特性的谓词基础上,提出了易于表达安全策略的应用区域边界形式化授权模型。对此形式化模型进行编译不仅可以根据安全策略对授权的合法性进行检验,而且也可以及时发现安全策略中存在的漏洞,从而可以得到一个正确的安全授权规则集。
Application enclave boundary security system is gateway system.It's aim to safeguard the application environment used in practical is determined by completeness and consistency of the set of security authorization rule and simpleness of its authorization process.The object in the application enclave environment is accessed by the subject in the application environment through different kinds of application protocol,when the access request pass through the application enclave boundary security system,it will be checked by the system based on its security authorization rules,if it satisfy the requirement of the system's security authorization rules,it is granted to pass,or else,denied to pass.Therefore,we present a formal authorization model that can easily express the security policy,which is based on the predicate describing the property of the subject,object,application protocol and security etc.Compiling the formal model we not only can check the validity of authorization based on security policy,but also can find shortcoming existed in security policy,so we can get a correct set of security authorization rules.
出处
《计算机工程与应用》
CSCD
北大核心
2005年第21期27-31,共5页
Computer Engineering and Applications
基金
国家973重点基础研究发展规划(编号:G1999035801)
国家863高技术研究发展研究计划(编号:2002AA144020)项目资助
关键词
应用区域边界
授权
访问控制
application enclave boundary,authorization,access control
