Dynamic and adaptive access control model

Guo-zhen SHI; Hao-jie WANG; Yun-fei CI; Si-shui YE; Yun-chuan GUO

doi:10.11959/j.issn.1000-436x.2016220

您当前的位置：

首页 >

文章列表页 >

Dynamic and adaptive access control model

academic paper | 更新时间：2024-06-05

- Dynamic and adaptive access control model
- Journal on Communications Vol. 37, Issue 11, Pages: 49-56(2016)
- 作者机构：
  
  1. 北京电子科技学院信息安全系，北京 100070
  2. 西安电子科技大学计算机学院，陕西西安 710071
  3. 西安电子科技大学通信工程学院，陕西西安 710071
  4. 瑞庭网络技术（上海）有限公司房产技术部，上海 200127
  5. 中国科学院信息工程研究所信息安全国家重点实验室，北京 100093
- 作者简介：
- 基金信息：
  
  The National Key Research Program of China(2016YFB0800304);The Natural Science Foundation of Beijing(4152048);The Natural Science Foundation of Jiangsu Province(BK20150787)
- DOI：10.11959/j.issn.1000-436x.2016220
  CLC： TP302
- Online First：2016-11，
  
  Published：25 November 2016
- 稿件说明：
移动端阅览
Guo-zhen SHI, Hao-jie WANG, Yun-fei CI, et al. Dynamic and adaptive access control model[J]. Journal on Communications, 2016, 37(11): 49-56.
DOI：

Guo-zhen SHI, Hao-jie WANG, Yun-fei CI, et al. Dynamic and adaptive access control model[J]. Journal on Communications, 2016, 37(11): 49-56. DOI： 10.11959/j.issn.1000-436x.2016220.

摘要

随着云计算技术、智慧城市及移动办公的发展和移动智能设备的出现，资源所处的网络环境越来越复杂，传统的访问控制模型已很难满足多样化的访问控制条件以及访问控制策略动态自适应调整的需求。以基于行为的访问控制模型为基础，结合资源生命周期管理，提出了一种动态自适应访问控制模型。该模型以资源生命周期为中心，充分考虑资源的生命周期阶段及其访问控制策略的关联性和动态性，使资源访问控制策略能够随着资源生命周期所处阶段的变化而自动变化，提高了访问控制的灵活性和复杂网络环境下的适用性；模型加入用户访问行为历史管理功能，考虑用户的历史访问行为，进一步约束主体的访问能力，提高模型适应开放的网络环境的能力。最后，在通用访问控制系统和云访问控制系统中对该模型进行了实现和验证。

Abstract

With the development of cloud computing technology

smart city and mobile office and emergence of mobile smart devices

the resources' environment is increasing complex. The traditional access control model has been difficult to meet the diverse access control requirements and the dynamic and adaptive access control policy. A dynamic and adap-tive access control model combining the resource life cycle management based on ABAC was proposed. The model fo-cused on resource life cycle management considering the relevance of the resource life cycle management and access control policy. In this model

the policy can be changed as the resource life cycle states' change

so the applicability has been improved. In addition

the user access behavior history management function was added in this model

which can adapt the environment better by considering history of user access behavior. At last

the model in general and cloud com-puting access control system was implemented and verified.

关键词

Keywords

references

SANDHU R S , COYNE E J , FEINSTEIN H L , et al . Role-based access control models [J ] . Computer , 1996 , 29 ( 2 ): 38 - 47 .

SANDHU R , BHAMIDIPATI V , MUNAWER Q . The ARBAC97 model for role-based administration of roles [J ] . ACM Transactions on Information ＆ System Security , 1999 , 2 ( 1 ): 105 - 135 .

李凤华，苏铓，史国振，等．访问控制模型研究进展及发展趋势 [J ] . 电子学报 , 2012 , 40 ( 4 ): 805 - 813 .

LI F H , SU M , SHI G Z , et al . Research status and development trends of access control model [J ] . Acta Electronica Sinica , 2012 , 40 ( 4 ): 805 - 813 .

RANISE S , TRUONG A , ARMANDO A . Scalable and precise auto-mated analysis of administrative temporal role-based access con-trol [C ] // ACM Symposium on Access Control Models and Technolo-gies. ACM , 2014 : 103 - 114 .

XU D , KENT M , THOMAS L , et al . Automated model-based testing of role-based access control using predicate/transition nets [J ] . IEEE Transactions on Computers , 2015 , 64 ( 9 ): 2490 - 2505 .

STOLLER S D , YANG P , GOFMAN M I , et al . Symbolic reachability analysis for parameterized administrative role-based access con-trol [C ] // ACM Symposium on Access Control Models and Technolo-gies. ACM . 2009 : 148 - 164 .

UZUN E , ATLURI V , VAIDYA J , et al . Security analysis for temporal role based access control [J ] . Uzun Emre , 2014 , 22 ( 6 ): 177 - 186 .

BERTINO E , BONATTI P A , FERRARI E . TRBAC: a temporal role-based access control model [J ] . ACM Transactions on Information＆ System Security , 2001 , 4 ( 3 ): 191 - 233 .

SHARMA M , SURAL S , VAIDYA J , et al . AMTRAC: an administra-tive model for temporal role-based access control [J ] . Computers ＆Security , 2013 , 39 ( 39 ): 201 - 218 .

TOAHCHOODEE M , RAY I . On the formalization and analysis of a spatio-temporal role-based access control model [C ] // IFIP Wg 11.3 Working Conference on Data and Applications Security. Springer-Verlag , 2008 : 399 - 452 .

谭智勇，刘铎，司天歌，等．一种具有可信度特征的多级安全模型 [J ] . 电子学报 , 2008 , 36 ( 8 ): 1637 - 1641 .

TAN Z Y , LIU D , SI T G , et al . A multilevel security model with credibil-ity characteristics [J ] . Acta Electronica Sinica , 2008 , 36 ( 8 ): 1637 - 1641 .

BO L , CHUNXIA J , YILIN L . A user access policy based on dynamic sensitivity label [C ] // Network Computing and Information Security, International Conference on IEEE . 2011 : 13 - 16 .

李凤华，王巍，马建峰，等．基于行为的访问控制模型及其行为管理 [J ] . 电子学报 , 2008 , 36 ( 10 ): 1881 - 1890 .

LI F H , WANG W , MA J F , et al . Action-based access control model and administration of actions [J ] . Acta Electronica Sinica , 2008 , 36 ( 10 ): 1881 - 1890 .

李良军 . PLM 中权限控制的研究与设计 [D ] . 西安：西安电子科技大学 , 2012 .

LI L J . Research and design of access-control in product lifecycle management (PLM) [D ] . Xi'an: Xidian University , 2012 .

Views

1502

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Reversible data hiding in encrypted domain based on fine-grained access control

Byzantine fault-tolerant distributed access control mechanism for the Internet of things

Modeling and verification of data circulation control based on timed automata

Multi-keyword attribute-based searchable encryption scheme supporting re-encryption for cloud storage

Blockchain-based noisy data sharing control protocol

Related Author

ZHANG Minqing

PENG Shen

JIANG Chao

DI Fuqiang

DONG Yufeng

CHAI Rong

AI Liping

YANG Ningyu

Related Institution

Key laboratory of CTC&IE (Engineering University of PAP), Ministry of Education

College of Cryptography Engineering, Engineering University of PAP

Chongqing Key Laboratory of Mobile Communication Technology

School of Communications and Information Engineering, Chongqing University of Posts and Telecommunications

School of Computer Science, School of Cyber Science and Engineering, Nanjing University of Information Sciences & Technology

AI问答

⁰