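Abstract
Provenance is metadata that records the history of how data has evolved. Researchers have recently proposed provenance-aware access control, which decides whether to allow or deny an access request by tracing and analyzing the provenance of the accessor or of the accessed object. Because provenance is usually recorded by the system at run time and takes the form of a complex directed graph, identifying, specifying, and managing provenance-aware access control policies is very difficult. To address this, a UML model-based method for analyzing provenance-aware access control policies is proposed, comprising an abstract modeling technique for complex provenance graphs and a reference process guide for systematically building a provenance model and specifying provenance-aware access control policies during object-oriented software development. Finally, an enterprise online training system case study illustrates how to apply the proposed method.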
Provenance is the historical meta-data of data objects. It has recently been used to enable provenance-based access control (PBAC), which grants or denies an access request according to the provenance of either the subjects or the objects. However, provenance can only be collected at run-time via complex directed acyclic graphs, so it is very difficult for security architects to efficiently specify PBAC policies due to the complexity of provenance graphs and their unavailability at design time. We explore a UML model-based approach to analyze PBAC policies. Specifically, we first introduce a conceptual provenance model to shield the complexity of the provenance graphs and to enable policy analysis at design time. We then introduce a UML model-based process to guide the analysis of the conceptual provenance model and the PBAC policies along with the object-oriented development. We validate the proposed approach within an enterprise online training system.
Source
《计算机工程与科学》
CSCD
PKU Core Journal
2015, Issue 6, pp. 1114-1126 (13 pages)
Computer Engineering & Science
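Funding
National Natural Science Foundation of China (61202019)
Natural Science Special Project of the Shaanxi Provincial Department of Education (14JK1098)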
Keywords
provenance
provenance model
access control
UML
security engineering