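Research on Cross-Domain Access Control in Loosely Coupled Environments
Published: 2018-06-02 09:12
Topics: cross-domain + hybrid hierarchy; Source: Chongqing University, master's thesis, 2014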
[Abstract]: With the development of network and information technology, information sharing and distributed collaboration between different organizational domains have become increasingly widespread. On the one hand this brings great convenience to production and daily life in modern society; on the other hand it introduces a variety of information security problems. Each organizational domain has its own access control policy, and how to provide and implement a secure interoperation mechanism between organizational domains has become a current research focus. Role-based access control (RBAC) has many flexible features, such as role hierarchies, least privilege and separation of duties, and is convenient to administer, so it has been widely applied in information systems and network technology. The role hierarchy within an RBAC system makes administration convenient, but the semantics of the role hierarchy are not well defined, and this ambiguity makes it impractical in settings with high security requirements. Cross-domain access control between RBAC systems has been studied extensively; cross-domain secure interoperation mainly relies on role mapping to compose a global policy, which works well in tightly coupled environments but is not suitable for loosely coupled environments such as web services, P2P and grid services. Based on these needs, this thesis studies the following: ① To give the role hierarchy in RBAC well-defined semantics that can meet the needs of settings with high security requirements, the RBAC role hierarchy is analyzed and extended, a hybrid hierarchy model is given, and the security problems it creates during authorization are analyzed. ② Drawing on existing research and comparing against cross-domain access control models for tightly coupled environments, a request-driven cross-domain access control framework model is proposed for loosely coupled environments. The framework model comprises a role mapping module, a role activation module and a request buffer pool module, and solves the cross-domain access control problem under the hybrid hierarchy and various constraints; for the different requests of external-domain users, the proposed role mapping algorithm and role activation algorithm make the final decision on whether to grant authorization. ③ An application scenario is given to simulate the proposed framework model, and the use of the request-driven framework model in this scenario is analyzed in depth.
[Degree-granting institution]: Chongqing University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1968228
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1968228.html