Abstract
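The dynamic, multi-domain and heterogeneous nature of grid environments calls for an authorization mechanism that is flexible, easy to extend and fine-grained. Access control in grid environments has been studied extensively in recent years, but most existing models assume a relatively static setting and authorize on the basis of the subject's identity, group and role information; they lack concrete context information and flexible security policies. This paper proposes a dynamic access control model for grid environments based on usage control and context. In this model, the authorization component uses subject and object attributes to define traditional static authorization, while the condition component uses the relevant dynamic context information to control the subject's permissions dynamically in a specific environment. On the basis of this model, the paper implements a prototype system to verify the model's efficiency and ease of implementation.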
Due to its inherent heterogeneity, multi-domain character and highly dynamic nature, the grid environment requires a scalable, flexible and fine-grained access control mechanism. Although recent advances in access control for grid applications address important aspects of overall authorization, these efforts focus on pre-defined access control policies in which authorization depends on the identity or role of the subject, and they lack flexible approaches for adapting to dynamic security requests. This paper proposes a dynamic, context-aware, usage-control-based grid access control model. In this model, the authorization component evaluates access requests based on subject attributes, object attributes and requests, while the condition component dynamically grants and adapts permissions to the subject based on a set of contextual information collected from the user and system environments. As a proof of concept, we design and implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our model.
Source
《计算机科学》 (Computer Science)
CSCD
Peking University Core Journal
2008, Issue 2, pp. 37-41 (5 pages)
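Funding
Supported by the National Natural Science Foundation of China (60403027)
and the Natural Science Foundation of Hubei Province (2005ABA243)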