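1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
2. Department of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070
Feng-hua LI (1966-), male, born in Xishui, Hubei, Ph.D., is deputy chief engineer, research professor and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are network and system security, information protection, and privacy computing.
Yan-chao WANG (1980-), male, born in Handan, Hebei, is a Ph.D. candidate at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are access control and cloud data security.
Li-hua YIN (1973-), female, born in Chaoyang, Liaoning, Ph.D., is an associate research professor and master's supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. Her main research interests are information security and security assessment.
Rong-na XIE (1976-), female, born in Yongji, Shanxi, is an associate professor and master's supervisor at Beijing Electronic Science and Technology Institute. Her main research interests are applied cryptography and network and system security.
Jin-bo XIONG (1981-), male, born in Yiyang, Hunan, is a postdoctoral researcher at the Institute of Information Engineering, Chinese Academy of Sciences, and an associate professor and master's supervisor at Fujian Normal University. His main research interests are cloud data security and privacy protection technology.
Online publication date: 2016-05
Print publication date: 2016-05-15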
Feng-hua LI, Yan-chao WANG, Li-hua YIN, et al. Novel cyberspace-oriented access control model[J]. Journal on Communications, 2016, 37(5): 9-20. DOI: 10.11959/j.issn.1000-436x.2016109.
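This paper proposes a cyberspace-oriented access control model, denoted CoAC. The model covers elements such as the access-requesting entity, general tense, access point, access device, network, resource, network interaction graph, and resource transmission chain, and can effectively prevent the security problems that arise from the separation of data ownership from data management rights and from the secondary or repeated forwarding of information. By appropriately adjusting these elements, the model can describe the existing classical access control models and meet the needs of new information service and dissemination patterns. The CoAC administrative model is presented, and the administrative functions and methods it uses are described formally in Z-notation. The model is highly elastic, flexible and extensible, and can be further extended and refined to adapt to new developments in future information dissemination patterns.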
A novel cyberspace-oriented access control model, termed CoAC, was proposed, which avoided the threats by comprehensively considering vital factors such as access requesting entity, general tense, access point, device, networks, resource, internet-based interactive graph and chain of resource transmission. By appropriately adjusting these factors, CoAC emulated most of the typical access control models and fulfilled the requirements of new information service patterns and dissemination modes. The administrative model of CoAC was also presented, and the functions and methods for administrating CoAC were described by utilizing Z-notation. CoAC is flexible and scalable; it can be further refined and expanded to figure out new opportunities and challenges in the upcoming access control techniques.