
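Research on Security Auditing of Access Control Delegation

Published: 2018-06-23 03:36

  Topics: information security + access control; Source: Chongqing University, master's thesis, 2014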


[Abstract]: The rapid development and wide application of information technology have greatly advanced human civilization. While people enjoy the enormous convenience that information resources bring, they also face a severe test of information security. Information stored in and transmitted over media will inevitably be subject to illegal use, tampering, leakage and destruction, leading to serious information security incidents. To meet the need for information security, a variety of security techniques have been developed, and access control and security auditing are among the important technical means of addressing these incidents. As network information technology develops, the inherent fragility of information systems is increasingly exposed, and the shortcomings of information security techniques become increasingly apparent in practice. A single security measure can no longer solve the information security problems that keep emerging; only by combining multiple security techniques into a more secure and more practical scheme can increasingly severe information security problems be met.

In earlier information system security models, the access control mechanism and the security audit function are each implemented as a separate module. The two modules are closely related yet operate transparently to each other, which makes it difficult to audit user permissions inside access control. Within access control models, the delegation of access permissions serves functional backup, decentralization of authority and collaborative work in practical applications, and it is both a focus and a difficulty of applied research on access control models. However, because delegation has relatively little connection to the security audit function, security auditing after delegation has not been considered, and comprehensive dynamic management of delegated permissions is lacking. This thesis therefore studies the problem from the following aspects:

1. It studies in depth the theory of information security models and the security mechanisms of their components, analyzes the main properties of access control and the characteristics of its models, summarizes the advantages and disadvantages of different access control approaches, and, drawing on the concept and properties of security auditing, identifies the relationship between the role-based access control model and security auditing.

2. Based on this analysis of access control and security auditing, and starting from the concept and properties of access permission delegation, it analyzes delegation mainly in terms of depth and breadth, granularity and authorization method, lists the delegation and authorization solutions of traditional access control, compares the various role-based delegation models, and points out the shortcomings of delegation with respect to security auditing together with a reference model for implementing an audit scheme.

3. It adds the security audit function to the delegation model, proposes a role-based access control delegation model with a security audit function, gives a formal definition of the model, and describes the model's security audit function in detail.

4. Through application in a case-study system, it puts the model into practice and uses the security audit function to implement delegation and authorization solutions for different scenarios.
[Degree-granting institution]: Chongqing University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08



