
Real Time Audit Model Based on Interactive Short Message

Cited by: 1
Abstract: Earlier security systems carried the risk that a user's account could be stolen and used by others, and auditing of user operations was a delayed analysis performed only when forced by an observed anomaly. To address these shortcomings, this paper proposes a real-time security audit model based on interactive short messages. In the model, the system automatically generates a dynamic password when a user logs in and sends it to the user by short message. A validity period (for example, 60 s) is set on the dynamic password to ensure that the user's authentication is valid. Account validity is managed through a short message whitelist and blacklist, which act as an access control list. A user can disable or enable the account in real time by sending short messages with different content, and real-time auditing of user behavior is achieved by monitoring the account status in real time.

Source: Journal of Wuhan University of Technology (CAS, CSCD, Peking University Core), 2010, No. 20, pp. 99-102, 107 (5 pages).

Keywords: authentication; authorization; audit; short message; access control list