基于时态的ARBAC模型及其安全性分析的研究

发布时间：2018-01-23 00:40

本文关键词： 基于角色的访问控制权限模型检测管理时态安全性分析　出处：《江苏大学》2017年硕士论文　论文类型：学位论文

【摘要】：计算机技术的快速发展和网络的普遍应用,人们越来越重视信息系统安全问题。如何保障授权用户能够获取所需的资源,如何保证网络资源不被非法使用和非法访问等成为人们亟需解决的重要问题。访问控制是解决这些问题的有效手段,它是一种重要的信息安全技术。本文首先研究了基于角色的访问控制管理模型,并在此基础上结合时态信息领域的相关研究,提出了基于时态的ARBAC模型解决权限及时撤回分配问题,实现可信的授权用户在正确的时间表内拥有正确的访问权限这一目的。然后利用分解组合的思想对提出的模型进行安全性分析,使用基于抽象精化的模型检测技术验证系统的安全策略,本文的具体研究内容如下:(1)本文为了解决基于角色访问控制模型中的管理授权问题,提出了基于时态的ARBAC模型。首先,针对传统的基于角色的访问控制模型中的权限集进行划分,使得与权限有关的权限角色分配上变得清晰,降低授权难度。其次,将时间约束嵌入到角色本身、用户-角色分配(UA)和权限-角色分配(PA)中,并对模型进行了形式化描述,时间约束的嵌入,有效地解决了权限回收问题,减轻系统管理员的工作量。最后,将提出管理辖域的概念用于基于角色的访问控制模型中,提出基于时态的ARBAC模型,有效地管理该模型。与已有模型对比显示本文提出的访问控制管理模型性能更优,灵活性较强。(2)本文为了分析基于时态的ARBAC模型的安全性,提出了三阶段分解组合策略的安全性分析方法。首先,以管理员可以修改的时态关系,即时态的用户-角色分配关系、时态的角色状态关系、时态的权限-角色分配关系为基础把安全问题分解成三部分。其次,将第一阶段得到的子问题根据时间维度进一步分解成更小的子问题。针对不同的安全性问题,在每个时间域内采用基于抽象精化的模型检测方法验证策略的安全性,从而对子问题进行安全性分析。最后,结合每个分解问题获得的结果提供完整的分析,将分析结果组合解释问题。实验显示本文提出的安全性分析方法能够较好地实现安全策略表达和安全策略验证。
[Abstract]:With the rapid development of computer technology and the widespread application of network, people pay more and more attention to the security of information system. How to ensure that network resources are not illegally used and illegally accessed has become an important problem that people urgently need to solve. Access control is an effective means to solve these problems. It is an important information security technology. Firstly, this paper studies the role-based access control management model, and then combines the relevant research in the field of temporal information. In this paper, a temporal ARBAC model is proposed to solve the problem of timely revocation of permissions. The trusted authorized user has the correct access rights within the correct schedule. Then the security analysis of the proposed model is carried out by using the idea of decomposition and combination. In order to solve the problem of management authorization in the role-based access control model, the specific research contents of this paper are as follows: (1) in order to solve the problem of management authorization in the role-based access control model, the security policy of the system is verified by the model checking technology based on abstract refinement. A temporal based ARBAC model is proposed. Firstly, the privilege set in the traditional role-based access control model is divided, which makes the assignment of privilege roles clear. Secondly, the time constraint is embedded into the role itself, user-role assignment UAA and privilege role assignment (PAA), and the model is formalized to embed the time constraint. Finally, the concept of management domain is applied to the role-based access control model, and the temporal ARBAC model is proposed. Compared with the existing models, the proposed access control management model has better performance and more flexibility.) in order to analyze the security of the temporal based ARBAC model. In this paper, a security analysis method of three-stage decomposed combination strategy is proposed. Firstly, the temporal relationship, which can be modified by the administrator, is defined as the user-role assignment relation of tense and the role state relationship of temporal. The security problem is decomposed into three parts on the basis of the temporal privilege-role relationship. Secondly, the security problem is divided into three parts. The sub-problems obtained in the first stage are further decomposed into smaller subproblems according to the time dimension, aiming at different security problems. In each time domain, the model checking method based on abstract refinement is used to verify the security of the strategy, so that the security of the sub-problem is analyzed. Finally, combined with the results obtained from each decomposition problem to provide a complete analysis. The experimental results show that the security analysis method proposed in this paper can achieve security policy expression and security policy verification.
【学位授予单位】：江苏大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309

【参考文献】