Abstract
To address problems such as the leakage of sensitive attributes in attribute-based access control (ABAC) in multi-domain environments, this paper proposes a cross-domain trust-based access control model (CD-TBAC). The model combines an attribute management system with a domain decision system, classifies subjects' attributes by sensitivity degree, and introduces a dynamic trust metric mechanism based on time decay. It decides whether to submit sensitive attributes by evaluating the relationship between trust and sensitivity, and determines the subject's role by combining the real-time trust value with certain attributes of the subject. Finally, it determines the subject's permissions according to the access control policy, achieving secure access both within and across domains. Experiments and performance analysis show that the model's efficiency is fully comparable to that of ABAC and that it provides a high level of security: it prevents the leakage of sensitive attributes, supports anonymous access, and resists replay attacks.
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal (北大核心)
2016, Issue 6, pp. 1791-1796 (6 pages)
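Funding
Major Science and Technology Research Project of the Henan Provincial Department of Science and Technology (132102210123)
Major Science and Technology Research Project of the Henan Provincial Department of Education (13A520321)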
Keywords
cross domain
trust
sensitivity degree
time decay
sensitive attributes
role