Research on Distributed Security Policy Based on Directory Services
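Abstract
The information infrastructure of a large enterprise has to integrate cross-organizational network systems and a large number of Internet-based services, which poses a major challenge to researchers and practitioners of enterprise informatization. Next-generation networks treat application orientation and mission orientation as important criteria for evaluating a network. Distributed systems are likewise shifting from the traditional client/server model to a more dynamic, service-oriented model. Network-based information systems have always been distributed computing environments; the information system we face today is a large, complex, non-linear system that is highly interconnected, high-speed, multimedia, intelligent and interactive. Driven by technology and the market, more and more technologies, standards and devices are being introduced into information systems, and networks and systems are growing rapidly in scale. Enterprises will face greater security and complexity threats, and therefore urgently need a means of managing network and system resources effectively while providing secure and reliable services.
The topic of this thesis is limited to the study of security policy in distributed (heterogeneous) environments and its implementation, with emphasis on a model for integrating access control policies and a brief discussion of its implementation. A close connection to practice sets the tone of the thesis.
Drawing on current informatization research, the thesis builds a simple, ideal information model of the E-enterprise and, starting from that model, assesses the security and management problems facing the enterprise computing environment. It argues that in today's distributed, heterogeneous computing environment, as enterprise applications multiply without good planning (which is in fact the case), the management of computing entities, and especially the management of security and trustworthiness, will become the bottleneck of enterprise development.
Policy-based network management systems are the trend for solving this kind of problem. The computing environment provided by an operating system is comparatively trustworthy, and the centralized access control system it uses is a good starting point for the problem. The General Framework of Access Control (GFAC) that it puts into practice uses layering and isolation to provide a highly abstract, reusable access control framework. For a distributed computing environment, a distributed access control system provides a solution of the same (distributed) nature as the "E-enterprise". The questions are how to manage entity objects in a distributed environment effectively, and how to increase the reuse of management policies. For the first question, a centralized directory service is the appropriate remedy. For the second, the author draws on the work of the policy research group at Imperial university and uses the Ponder language it developed to describe the security policies of the E-enterprise formally, providing effective reuse of management policies.
The contribution of this thesis is that, taking the basic GFAC framework as a reference, it extends the framework for ease of management, establishes a distributed access control model based on directory services and policies, and discusses its implementation and the protection of existing investment, providing a reference for the effective management of E-enterprise information resources and the establishment of a trusted computing environment.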
Large enterprises now need to integrate organizational networks and many Internet-based services into their information infrastructure, which poses a new challenge to IT researchers and engineers. NGNs make application orientation and mission orientation criteria for evaluating a network. Distributed systems are changing from the traditional client-server model to a more dynamic, service-oriented model. Network-based information systems are inherently distributed computing environments; the system we face at present is a non-linear, complicated system that is tightly linked, high-speed, multimedia, intelligent and user-friendly. Driven by technology and the market, more and more new technologies, standards and devices are being introduced into information systems. The scale of networks and systems is growing rapidly, and enterprises will be burdened with new security and complexity problems. Enterprises need a new method to simplify system resource management and to protect their mission-critical assets effectively.
This article is concerned with the study and related implementation of security policy in distributed environments, with emphasis on the access control policy model.
In this article we first work out an ideal information model of the E-enterprise and then discuss the security and management problems of this model. We conclude that, as applications are added without good planning, the management of computing entities, especially security and reliability management, will become the bottleneck of enterprise development.
Policy-based management systems offer a good way to remove this bottleneck. The operating system, a centralized access control system based on GFAC (General Framework of Access Control), is a good example. We introduce a distributed access control system, which raises new questions. First, how can entity objects be managed effectively in a distributed environment? Second, how can management policy be reused? For the former question we rely on a directory service. For the latter, with the help of the Ponder language (from the Imperial university policy research group), we can easily formalize the definition of security policy and gain maximum reuse.
