Advanced Engineering Sciences, 2011, 43(6): 140-147
Access Control Model Based on the Security Evaluation of Subject and Object
(1. Institute of Information Security, Sichuan University; 2. School of Computer Science, Sichuan University)
Received: 2011-07-09    Revised: 2011-09-21
Abstract (translated from the Chinese): Starting from the security of the subject and the object of an access action, an access control model based on the security evaluation of subject and object is proposed. The concepts of user security degree, resource security degree, user security level, resource security level and operation level, together with the relationships among them, are defined, and a formula is given for the condition a user must satisfy in order to access a given system resource with a given operation. The security evaluation value of the device on which the accessed object resides is obtained as the weighted sum of the threat, vulnerability and environment-security estimates; this value is the object security degree. The subject security degree of an access action depends on the security of the physical device the user employs, the user's compliance in using resources, the user's past behaviour, third-party evaluations of the user, and the class of the user's identity credential. Methods for estimating these five factors are discussed, and the subject security degree is obtained as their weighted sum. Finally, the model was validated experimentally in a practical deployment. The statistics show that, compared with an access control system based on firewalls and intrusion detection, the system using subject/object security evaluation saw a marked drop in security events, both in total number and in severity.
Keywords: access control; subject; object; security degree; security level
Abstract: An access control model based on the security evaluation of subject and object is proposed. First, the key concepts and their relationships are defined: user (subject) security degree, resource (object) security degree, user security level, resource security level and operation level. Then a formula is given, from the security perspective, for the condition a user must satisfy to access a certain system resource with a certain operation. The object security degree is determined by the security evaluation value of the device on which the accessed resource resides, which equals the weighted sum of the evaluation values of threat, vulnerability and environment security. The user security degree is determined by five factors: the security of the physical device used by the user, compliance in the use of resources, the user's history of behaviour, the evaluation of the user by a third party, and the identity credential class. Methods for computing the values of these five factors are discussed, and the subject security degree equals their weighted sum. Finally, the proposed model was verified in a practical application. The experimental statistics show that, compared with an access control system relying on a firewall and IDS, both the total number and the severity of security events in the system based on the proposed model decreased markedly.
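The weighted-sum evaluation the abstract describes, as an added illustration in Python (this is not the paper's code). The page states only that such degrees and a condition formula exist; the factor weights, the [0, 1] normalisation of factor scores, the threshold mapping from degree to level, and the access condition in `access_allowed` are all assumptions constructed for this example, as are the sample users and host.

```python
from typing import Dict, Mapping

# Scoring pipeline for the subject/object security-evaluation model.
# All numeric choices below (weights, scales, thresholds, access condition)
# are constructed assumptions for illustration, not values from the paper.

# Assumption: every factor score is normalised to [0, 1], where 1.0 is the
# most secure reading (e.g. "threat" = 1 - estimated threat likelihood).
OBJECT_WEIGHTS: Dict[str, float] = {
    "threat": 0.4,
    "vulnerability": 0.4,
    "environment": 0.2,
}

# The five subject factors named in the abstract, with constructed weights.
SUBJECT_WEIGHTS: Dict[str, float] = {
    "device_security": 0.25,   # security of the physical device in use
    "compliance": 0.25,        # compliance of the user's past resource use
    "history": 0.20,           # the user's historical behaviour
    "third_party": 0.10,       # third-party evaluation of the user
    "credential_class": 0.20,  # class of the identity credential presented
}

# Assumed mapping from a degree in [0, 1] to an integer level 1..4.
LEVEL_THRESHOLDS = (0.25, 0.5, 0.75)


def weighted_sum(scores: Mapping[str, float], weights: Mapping[str, float]) -> float:
    """Weighted sum of factor scores, validating the inputs first.

    Factor keys must match the weight keys exactly, weights must sum to 1,
    and each score must lie in [0, 1]; otherwise the evaluation is rejected
    rather than silently producing a misleading degree.
    """
    if set(scores) != set(weights):
        raise ValueError(f"factor keys {sorted(scores)} do not match weights {sorted(weights)}")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    for name, value in scores.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"score for {name!r} must be in [0, 1], got {value}")
    return sum(scores[name] * weights[name] for name in weights)


def object_security_degree(threat: float, vulnerability: float, environment: float,
                           weights: Mapping[str, float] = OBJECT_WEIGHTS) -> float:
    """Degree of the device hosting the object: weighted sum of the threat,
    vulnerability and environment-security estimates."""
    scores = {"threat": threat, "vulnerability": vulnerability, "environment": environment}
    return weighted_sum(scores, weights)


def subject_security_degree(factors: Mapping[str, float],
                            weights: Mapping[str, float] = SUBJECT_WEIGHTS) -> float:
    """Degree of the subject: weighted sum of the five user factors."""
    return weighted_sum(factors, weights)


def degree_to_level(degree: float) -> int:
    """Map a degree in [0, 1] to a level 1..4 using the assumed thresholds."""
    return 1 + sum(1 for threshold in LEVEL_THRESHOLDS if degree >= threshold)


def access_allowed(subject_level: int, object_level: int,
                   resource_level: int, operation_level: int) -> bool:
    """Assumed access condition (the paper's exact formula is not on the page):
    the subject's level must reach both the resource's level and the
    operation's level, and the hosting device must itself be secure enough
    for the operation's level."""
    required = max(resource_level, operation_level)
    return subject_level >= required and object_level >= operation_level


def decide(subject_factors: Mapping[str, float], object_scores: Mapping[str, float],
           resource_level: int, operation_level: int) -> dict:
    """Run the full evaluation and return the decision with its intermediates."""
    s_degree = subject_security_degree(subject_factors)
    o_degree = object_security_degree(**object_scores)
    s_level = degree_to_level(s_degree)
    o_level = degree_to_level(o_degree)
    return {
        "subject_degree": round(s_degree, 4),
        "object_degree": round(o_degree, 4),
        "subject_level": s_level,
        "object_level": o_level,
        "allowed": access_allowed(s_level, o_level, resource_level, operation_level),
    }


# Constructed sample inputs: a well-behaved user on a managed device and a
# low-scoring user, both requesting a level-2 operation on a level-3 resource.
TRUSTED_USER = {"device_security": 0.9, "compliance": 1.0, "history": 0.8,
                "third_party": 0.7, "credential_class": 0.6}
RISKY_USER = {"device_security": 0.3, "compliance": 0.5, "history": 0.4,
              "third_party": 0.5, "credential_class": 0.2}
HOST = {"threat": 0.8, "vulnerability": 0.6, "environment": 0.9}

if __name__ == "__main__":
    for label, user in (("trusted", TRUSTED_USER), ("risky", RISKY_USER)):
        print(label, decide(user, HOST, resource_level=3, operation_level=2))
```

With these constructed weights the host scores 0.74 (level 3), the trusted user 0.825 (level 4) and the risky user 0.37 (level 2), so only the trusted user passes the assumed condition for a level-2 operation on a level-3 resource. Rejecting mismatched factor keys or out-of-range scores up front matters in practice: a missing factor silently treated as zero would depress a degree and cause a spurious denial, while an unbounded score could inflate it and grant access.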
Article ID: 201100652
Funding: Project supported by the China Information Technology Security Evaluation Center
Citation:
Luo Jun, Liu Jiayong, Gong Xun, Hu Yong. Access Control Model Based on the Security Evaluation of Subject and Object [J]. Advanced Engineering Sciences, 2011, 43(6): 140-147.