Abstract
In distributed information systems, internal users have always been the number one threat for data leakage. In existing multi-level access control models, once a subject holds a given operation permission, it can operate on multiple objects within the cluster, so subjects can access objects excessively. This excessive access increases the risk that sensitive information is disclosed and threatens the confidentiality of the system. This paper studies the confidentiality of the system and adds risk management to the existing model: the subject's behavior is monitored and its access capability is adjusted dynamically, which effectively controls the subject's access and ensures the confidentiality of the information system.
Authors
董玉蓉
王鹏程
DONG Yu-rong; WANG Peng-cheng (College of Information Technology and Communication, University of Hexi, Zhangye 734000; China United Telecommunications Corporation Zhangye Branch, Zhangye 734000)
Source
Modern Computer (《现代计算机》)
2018, Issue 17, pp. 47-51 (5 pages)
Keywords
Access Control
Confidentiality
Risk Management
Dynamic Monitoring