
Research on an Access Control Model Based on Attribute RBAC

Published: 2018-04-13 22:41

Topic: access control + RBAC; Source: Shandong Normal University, 2014 master's thesis


[Abstract]: In recent years, access control, as a technical measure for achieving network security, has gradually become a research hotspot. There are many traditional access control models and extensions of them; the more common ones are the discretionary access control model, the role-based access control model, the mandatory access control model, and the attribute-based access control model. Among these, the usage control model (UCON) is a relatively complete access control model. Although it remedies the shortcomings of traditional access control models in authorization and delegation, it still falls short in control policy management and fine-grained partitioning. This thesis analyzes in some detail the state of research on access control and its core technologies, examines the urgency of addressing security threats in open environments and the necessity of secure system access, describes the development history of access control models along with their current research status and core technologies, compares the strengths and weaknesses of the various models, and sets out the characteristics of today's open environments. Centered on the strengths and weaknesses of the UCON model, the thesis explores and studies the control model. Its main contents and innovations are as follows:

1. An access control model based on attribute RBAC is established. Traditional usage control models cannot control attributes and cannot implement secure delegated authorization, which makes access control inflexible. To address this, a new access control model based on attribute RBAC is proposed. The logical relations among its components are analyzed at the theoretical level, and a matching usage control policy model is proposed. In this model, roles and attributes are combined with the usage control decision factors (obligations, conditions, and so on), and a module for delegating authorization over attributes and roles is embedded into UCON. This implements delegation and improves flexibility and reliability.

2. A cross-domain control model with time constraints is established. Networks are trending toward open, heterogeneous environments, and cross-domain access between systems is increasingly frequent, so research on cross-domain access control is necessary. At the same time, controlling access by time period is increasingly common in network systems. Reflecting the current state of network systems, time constraints and the concepts of source domain and target domain are introduced into the usage control model, improving the model's adaptability and practicality.

3. Simulation experiments are designed to verify the practicality of the model. A smart card access management example verifies the practicality of the proposed control model. In an online reading example, one user delegates the reading rights for some online books to another user, which verifies the proposed model's control over authorization delegation.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08



