摘要
实时备份系统对访问行为动态性具有较高限制,传统的访问控制模型在模型元素粒度和权限动态分配等方面存在的不足,会进一步影响其安全性。针对这一问题,引入时态、环境的概念以及行为模型元素的定义来描述访问活动,提出面向实时备份系统的量化行为访问控制模型QABAC(Quantified Action-Based Access Control)。该模型引入量化属性及信任度的概念,使用量化函数对属性进行动态量化,计算某访问行为的安全度,进一步地根据量化结果,将访问行为分配相应的信任度,并根据信任度配合最终授权策略以决定是否将特定权限授权给该访问行为。实验结果表明,与其他传统访问控制模型相比,QABAC模型具有更灵活及更安全的特点,更适用于当前开放复杂网络环境下数据库的安全保护。
Real time backup system has a high restriction on the dynamic. Due to the shortages of the existing access control models in the granularity of the model elements and the dynamic allocation of rights,the security of backup system will be influenced. The concepts of temporal and environment and the definition of action are given to describe the access activities,a quantified action-based access control( QABAC) model for real time database backup system is proposed. The concepts of quantified attribute and trust degree are introduced firstly,the security degree of the access behavior is calculated by using the quantitative function to dynamically quantify the attributes,and then the trust degree of the access behavior is allocated according to the quantitative results. Finally authorization policy determines the access behavior through the trust degree. Compared with other traditional models,the QABAC model is more flexible,more secure,and more suitable for the current open network environment to protect the backup database security.
出处
《计算机与现代化》
2018年第1期116-122,共7页
Computer and Modernization
基金
国家电网公司总部科技项目(0711-150TL173)
关键词
访问控制
量化行为
细粒度
动态授权
access control
quantified action
fine-grained
dynamic authorization
