摘要
当前网络空间安全形势日益严峻,层出不穷的网络安全漏洞使许多企事业单位痛苦不堪,造成难以估量的经济损失,成为大多数企事业单位的痛点和难点.漏洞管理需要协同人、资源和工具共同完成,必须设计一套高效的、安全的工作流.针对这一情况,在基于任务-角色的访问控制策略基础上,添加时间、空间、上下文等属性约束,构建多约束安全工作流模型并将其应用于漏洞管理流程.实践表明,流程可覆盖漏洞全生命周期管理,确保相关人员权责统一.同时,流程能轻松完成对数据及时定位、处理、分析和存档,使漏洞管理全过程可追踪、可回溯.
The cyberspace security faces great challenges nowadays for the increasing amount of vulnerabilities. Many corporations and organizations find it difficult to deal with them, resulting in the economic loss and the endless suffering. As vulnerability management requires people, resources and tools working together, it is necessary to design an efficient and secure workflow. To tackle this problem, a multi-constraint secure workflow model is proposed based on Task-Role-Based Access Control with time, space and context constrains. The proposed model is applied to vulnerability management flow. The practice showed that the workflow can cover the lifecycle management of vulnerabilities and guarantee the consistency between rights and obligation for stakeholders. It makes it easy to identify, process, analyze and record the data, which helps to trace the workflow of vulnerability management.
作者
陈圣楠
范新民
许力
Chen Shengnan;Fan Xinmin;Xu Li(Network and Data Center,Fujian Normal University,Fuzhou 350117;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350117;Engineering Research Center of Cyber Security and Education Informatization,Fuzhou 350117)
出处
《信息安全研究》
2022年第7期700-706,共7页
Journal of Information Security Research
基金
国家自然科学基金项目(U1905211)。
关键词
漏洞管理
安全工作流
全生命周期管理
细粒度访问控制
网络安全
vulnerability management
secure workflow
lifecycle management
fined-grained access control
cyber security
