详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文
     4.提出了一种基于元图理论的主动模糊访问控制规则集终止性分析方法。首先给出了模糊触发元图(Fuzzy Triggering Metagraph, FTMG)定义,用以表示主动模糊访问控制规则之间复杂的触发和激活关系;然后给出了一个基于FTMG的主动模糊访问控制规则集终止性分析方法,即通过分析FTMG的邻接矩阵闭包,寻找最小真触发环,判断主动模糊访问控制规则集的终止性;最后通过一个实例详细说明了算法的具体分析过程,并验证了该方法的正确性。
     6.设计并实现了一个普适计算环境下的智能访问控制原型系统(Smart Access Control System, SACS)。首先给出了SACS系统的体系结构设计及授权流程,然后对访问控制相关模块的设计与实现进行了详细说明,并给出了相关实现算法和部分实现代码;最后通过仿真实验测试了SACS原型系统的运行效率,通过对比实验验证了本文提出的基于元图的主动模糊访问控制规则集终止性分析算法具有较好的正确性和较高的效率。
With the development of mobile device, smart phone and sensor technology, ubiquitous computing is entering into people's lives. One of the important features of ubiquitous computing is that the computers are able to perceive the changes in the physical world, and make the initiative to adjust their behavior and provide better services for people. In other words, the computers become more intelligent through the perception and analysis of the contexts from the physical world, therefore, the connectivity and integration of human society, information space and physical world is becoming the important feature of the next generation of the ubiquitous computing technology, and the ubiquitous computing will provide a harmonious environment with more transparent, more intelligent, greener and more secure services.
     With the deepening of the pervasive computing research, which the security issue becomes a focus problem (such as the confidentiality, integrity, availability and privacy of the information), at the same time, it is one of the main problem to hinder the pervasive computing to large-scale practical application from the theoretical and experimental stage; on the other hand, the traditional security mechanism is difficult to meet the security needs of the complex environment of pervasive computing, as the pervasive computing has the characteristics of distributed, dynamic, uncertainty. So, the access control is one of the kernel technology to protect computer security, and it is very effective to the security control of complex information systems, and it will also become the key technology to ensure secure of pervasive computing. However, the existing access control generally adopt centralized security policy management mode and determined information (including security policy, subject identity) based static authorization, such passive access control in the closed environment, is no longer applicable to highly open pervasive computing environment. To achieve a safe and effective control of resources in the pervasive computing environment, it is necessary to establish a new access control mechanism:the established new mechanism not only be able to trigger specific events in the ubiquitous environment, take the initiative to adjust the authorization policy changed adaptively control strength to ensure the safety and flexibility of permissions; but also it can support the authorization inference between the uncertain context information and fuzzy trust relationship, and give the result of the determininged authorization decision to ensure the correctness and intelligence of the authorization process. As the energy of the pervasive equipment is limited, the performance of access control system is higher, therefore, the access control system in pervasive computing environment shoule not only ensure the correctness and confluence of authorization inference results, and also prevent invalid circular reasoning, in order to guarantee the termination of the authorization decision process.
     In this paper, to address the problem of access control in pervasive computing environment, we propose an active fuzzy access control method.and its realization mechanism used in pervasive computing environment, which is analyzed deeply the dynamic behavior of the access control system. In the proposed method, the active database theory, metgraphs theory, interval-valued fuzzy set theory, interval-valued fuzzy inference method and fuzz control technology are introduced into the traditional access control technology, and the active fuzzy access control technology is studied from three aspects:access control strategy, model and mechanism, which solve the fuzzy uncertainty and dynamic adaptive of pervasive computing, and provide a new idea for smart access control system. The mainly works of the paper are as follows:
     (1) A fuzzy access control model for ubiquitous computing is presented, which is established to uncertainty context information and fuzzy trust relationship, and the authorization decision process is also introduced to this model. Furthermore, the permission of the user is obtained by the fuzzy inference of the satisfaction degree of the context condition, the level of trust of the user and the risk of the user's role activate. At last, the architecture of model and the design of fuzzy inference machine are detailed presented.
     (2) An active access control model for ubiquitous computing is presented, which is established by introducing the space role, environment role and security level, to realize the user can active the different roles and use the different permissions under different security level. Moreover, an active access control mode is designed based on the trigger mechanism of ECA rules, That is, the model can initiative to adjust the access control level and security control strategy according to the changes in the context, to realize an adaptive control for resources.
     (3) An active fuzzy access control model for ubiquitous computing is presented. Firstly, the interval-valued fuzzy set theory and active database technology is introduced into access control rule model, and an active interval-valued fuzzy access control rule is presented to describe the active fuzzy security strategy of pervasive computing environment; secondly, an active fuzzy access control model based on active interval-valued fuzzy access control rule is presented; finally,the termination and confiluence analysis problems of active fuzzy access control rule set is presented.
     (4) A termination analysis method based on metgraph theory for active fuzzy access control rules set is presented. Firstly, the concept of termination is given; secondly, a termination analysis method based on fuzzy trigger metgraph is presented, and the theorem and algorithm are presented; Finally, the simulation results demonstrate that the accuracy and efficiency of the proposed method.
     (5) A confluence analysis method based on metgraph theory for active fuzzy access control rules set is presented. Firstly, the concept of confluence is given; secondly, a confluence analysis method based on fuzzy trigger metgraph is presented, and the theorem and algorithm are presented; lastly, an example show the specific analysis procedure.
     (6) A prototype system of smart access control is designed and implemented. System architecture is presented, fuzzy reasoning efficiency is proved. Firstly, the architecture design and authorization process of the SACS are given; and then, the details of realizing the access control module are explained; finally, we compare the efficiency of the prototype system to the termination analysis of the access control rules set.
[1]Weiser M. The computer for the 21st century[J]. Scientific American,1991,265(3): 94-104.
    [2]Satyanarayanan M. Pervasive computing:vision and challenges [J]. IEEE Personal Communications,2001,8(4):10-17.
    [4]Friedewald M, Raabe O.Ubiquitous computing:An overview of technology impacts[J].Telematics and Informatics,2011,28(2):55-65.
    [5]Fernando N, Loke S, Rahayu W. Mobile cloud computing:A survey. Future Generation Computer Systems[J],2012,29(12):84-106.
    [6]Agarwal N, Xu XW. Social computational systems[J]. Journal of Computational Science,2011,2(3):189-192.
    [7]MIT Project Oxygen. http://oxygen.lcs.mit.edu/
    [8]Garlan D,Siewiorek DP, Smailagic A, et al. Project Aura:toward distraction-free pervasive computing[J]. IEEE Pervasive Computing,2002,1(2):22-31.
    [9]Gaia:active space for ubiquitous computing. In:Department of Computer Science, University of Illinois at Urbana-Champaign,2003.
    [10]Disappearing computer. In:The Disappearing Computer Initiative funded by Europe Union(EU),2002.
    [11]Easy Living.In:Microsoft Research,2003.
    [12]Smart Classroom. In:Key Laboratory of PervasiveComputing,Tsinghua University, Ministry of Education Beijing,China,2003.
    [13]Hayat Z, Reeve J, Boutle C. Ubiquitous security for ubiquitous computing[J]. Information Security Technical Report,2007,12(3):172-178.
    [16]Shehab M, Squicciarini A, Ahn G et al. Access control for online social networks third party applications[J]. Computers & Security,2012,31(8):897-911.
    [17]Sandu R, Samarati P. Access control:principles and practice[J]. IEEE Commu-nications Magazine,1994,32(9):40-48.
    [19]Wang H, Zhang Y. Access control management for ubiquitous computing[J]. Future Generation Computer Systems,2008,24(8):870-878.
    [21]Wang J, Yang Y,Yurcik W. Secure smart environments:security requirements, challenges and experiences in pervasive computing[C]. In:Proc. of NSF Pervasive Computing Infrastructure and Experience Workshop,2005:36-48.
    [22]Hutter D, Stephan W, Ullmann M. Security and privacy in pervasive computing: state and future directions [J]. Lecture Notes in Computer Science,2004,2802: 285-289.
    [23]Hosmer H. Security is fuzzy:applying the fuzzy logic paradigm to the muti-policy paradigm[C]. In:Proceedings of the ACM Workshop on New security Paradigms, ACM Press,1993:175-184.
    [24]Lech J. Need-to-Know principle and fuzzy security modelling[J]. Journal of Information Management & Computer Security,2000,8(5):210-217.
    [25]Patroklos, Argyoudis G, Mahony D. An authorization management architecture for ubiquitous computing[J]. Lecture Notes in Computer Science,2004,3093: 246-259.
    [26]Richard A, Berrached A. Using fuzzy relation equations for adaptive access control in distributed system [C]. In:Proc. of the IFIP International Conference on Distributed Computing and Security, IFIP Press,2000:81-86.
    [27]Sandhu R, Kumar R, Zhang XW. Secure information sharing enabled by trusted computing and P-E-I models[C]. In:Proc. of ACM Symposium on Information, Computer and Communication Security, ACM Press,2006:66-75.
    [28]Zhang GS. SESAME:scalable, environment sensitive access management engine[J]. Journal of Cluster Computing,2006,9(1):19-27.
    [29]Patroklos, Argyoudis G, Mahony D. An authorization management architecture for ubiquitous computing[J]. Lecture Notes in Computer Science,2004,3093: 246-259.
    [30]Basu A, Robert W. Metagraphs and Their Applications[M]. Springer-Verlag New York, Secaucus, NJ, USA,2006.
    [31]Lampson BW. Protection[J]. Operating System Rev.,1974,8(1):18-24.
    [32]Department of Defense. Trusted computer system evaluation criteria (TESEC). Technical Report, DOD 5200.28-STD,1985.
    [36]Harrison MA, Ruzzo WL, Ullman JD. Protection in operating systems[J]. Comm-unications of ACM,1976,19(8):461-471.
    [37]Bell DE, Lapadula LJ. Secure Computer Systems:Mathematical Foundations[M], Vol.1. Bedford:The Mitre Corporation,1973.
    [38]Ferraiolo D, Kuhn DR. Role-Based access control[C]. In:Proc. of the 15th National Computer Security Conf.1992,554-563.
    [39]Sandhu R, Coyne EJ, Feinstein HL et al. Role-Based access control models[J]. IEEE Computer,1996,29(2):38-47.
    [40]Sandhu R, Bhamidipati V, Munawer Q. The ARBAC97 model for role-based adm-inistration of roles[J]. ACM Trans. on Information and System Security (TISSEC),1999,2(1):105-135.
    [41]Sandhu R, Munawer Q. The ARBAC99 model for administration of roles[C]. In: Proc. of the 15th Annual Computer SecurityApplications Conf. Washington:IEEE Computer Society,1999.229-238.
    [42]Ferraiolo DF, Sandhu R, Gavrila S. Proposed NIST standard for role-based access control[J]. ACM Trans. on Information and Systems Security (TISSEC),2001, 4(3):224-274.
    [43]Thomas RK, Sandhu RS. Task-Based authentication control (TBAC):A family of models for active an enterprise-oriented authentication management[C]. In:Proc. of the 1 lth IFIP Conf. on Database Security,California,1997,11-13.
    [44]Oh S, Park S. Task-Role-Based access control model[J]. Information System,2003, 28(6):533-562.
    [45]Oh S, Park S. Task-Role-Based access control model[J]. Information System,2003, 28(6):533-562.
    [46]Park J, Sandhu R. Towards usage control models:Beyond traditional access control [C]. In:Proc. of the 7th ACM Symp. on Access Control Models and Tech-nologies,California,2002,57-64.
    [47]Park J, Sandhu R. The UCONABC usage control model[J]. ACM Trans. on Infor-mation and System Security,2004,7(1):128-174.
    [48]Sandhu R, Park J. Usage control:A vision for next generation access control[C]. In Proc. of the 2nd Int'1 Workshop on Mathematical Methods, Models and Arch-itectures for Computer Networks Security, LNCS 2776, Berlin:Springer-Verlag, 2003,17-31.
    [49]Youna J, James BD. CRiBAC:Community-centric role interaction based access control model[J].Computers Security,2012,3(1):497-523.
    [50]Zhang G, Parashar M. Context-aware dynamic access control for pervasive appli-cations[EB/OL], http://citeseer.ist.psu.edu/687356.html,2007.
    [51]Park S, Han Y,Chung T.Context-Role Based Access Control for Context-Aware Application[C]. In:Proc of second internation conference, HPCC2006,Munich, Germany,2006.
    [52]Damiani M, Bertino E, Catania B et al. GEO-RBAC:A spatially aware RBAC[J]. ACM Transactions on Information Systems and Security,2007,10(1):1-42.
    [53]Hu J, Weaver AC. A dynamic context-aware security infrastructure fordistri-buted healthcare applications[C]. In:Proc of the 1st Workshop on Pervasive Privacy Security, Privacy and Trust, Boston,2004.
    [54]Antonios G, Ioannis M. domRBAC:An access control model for modem collabor-ative systems[J]. Computers & Security,2012,31(4):540-556.
    [57]Wu J, Shimamoto S. Usage control based security access scheme for wireless sensor networks[C]. In:Proc. of the IEEE International Conference on the Comm-unications (ICC 2010), Cape Town, South Africa,2010.
    [58]Hourdin V, Tigli J, Lavirotte S et al. Context-sensitive authorization in interaction patterns[C]. In:Proc. of the 6th International Conference on Mobile Technology, Application & Systems, Nice, France,2009.
    [64]Chakraborty S, Ray I. TrustBAC-Integrating trust relationships into the RBAC-models for access control in open systems[C]. In:Proc. of 11th ACM Symposium on Access Control Models and Technologies, Lake Tahoe:ACM,2006:49-58.
    [72]Richard A, Berrached A. Using fuzzy relation equations for adaptive access control in distributed system[C]. In:Proc. of the IFIP International Conference on Distributed Computing and Security, IFIP Press,2000:81-86.
    [73]Sergei Ovchinnikov. Fuzzy sets and secure computer systems[C]. In:Proc.of the IEEE Workshop on Computer and System Security, IEEE Press,2002:626-75.
    [74]Zadeh LA. Fuzzy set [J]. Information and Control,1965,8(3):338-353.
    [75]Zadeh LA. Fuzzy set and system[C]. In:Proc. of the symposium on system theory, New York,1965:29-39.
    [76]Wang HF, Huang ZH. Top-down fuzzy decision making with partial preference information[J]. Fuzzy optimization and decision making,2002,1(2):161-176.
    [77]Zhang S, He D. Fuzzy model for trust evaluation[J] Journal of Southwest Jiaotong University,2006,14(1):23-28.
    [78]Nawarathna UH, Kodithuwakku SR. A Fuzzy Role Based Access Control Model for Database Security[C]. In:Proc. of the International Conference on Information and Automation, Colombo,2005:15-18.
    [80]Takabi, Amini, Jalili. Enhancing role-based access control model through fuzzy Relations [J]. Information Assurance and Security,2007:131-136.
    [81]Hassan T, Amini M, Jalili R. Separation of duty in role-based access control model through fuzzy relations[C]. In:Proc. of the 3rd international symposium on infor-mation assurance and security,2007:125-130.
    [82]Wang XM. Pervasive computing oriented interval-valued fuzzy access control [J]. Journal of Frontiers of Computer Science and Technology,2010,4(10):865-880.
    [83]Ranganathan A, Al-Muhtadi J, Campbell R. Reasoning about uncertain contexts in pervasive computing environments[J]. IEEE Pervasive Computing,2004,3(2): 62-70.
    [84]Minami K, Kotz D. Secure context-sensitive authorization[J]. Journal of Perva-sive and Mobile Computing,2005,1(1):26-52.
    [93]Zhang LH, Gail JA, Bei TC. A Rule-Based Framework for Role-Based Delegation and Revocation[J]. ACM Transactions on Information and System Security,2003, 6(3):404-441.
    [94]Hany FE, Miriam AC, David SA. Intelligent security and access control frame-work for service-oriented architecture[J]. Information and Software Technology, 2010,52(2):220-236.
    [98]Zhang LH, Gail JA, Bei TC. A Rule-Based Framework for Role-Based Delegation and Revocation[J]. ACM Transactions on Information and System Security,2003, 6(3):404-441.
    [99]Hany FE, Miriam AC, David SA. Intelligent security and access control frame-work for service-oriented architecture [J]. Information and Software Technology, 2010,52(2):220-236.
    [107]Simon E, Dittrich A K. Promises and realities of active database systems[J]. In: Proc. of 21st VLDB,1995,642-653.
    [108]Jensen K. Coloured petri nets:Basic concepts, analysis methods and practical use[M]. Springer-Verlag, Berlin, Germany,1992.
    [109]Aiken A,Widom J,Hellerstein J. Behavior of database productions rules:Termina-on, confluence and observable determinism[C]. In:Proc. of the 1992 ACM SIGMOD, San Diego, CA,1992,59-68.
    [110]Aiken A, Hellerstein J, Widom J. Static analysis techniques for predicting the behavior of active database rules[J]. ACM Trans. Database Systems,1995,20(1): 3-41.
    [113]Danilo M, Elisa B, Maria B. Refined rules termination analysis through transac-tions[J].Information Systems,2003,28(5):435-456.
    [114]Jin Y, Susan DU, Suzanne WD. A concurrent rule scheduling algorithm for active rules[J]. Data & Knowledge Engineering,2007,60(3):530-546.
    [116]Burcin BK,Adnan Y. A fuzzy petri net model for intelligent databases [J]. Data Knowledge Engineering,2006,35(8):219-247.
    [117]Pankaj D, Suresh KJ. Fuzzy rule based system and metagraph for risk manage-ment in electronic banking activities [J]. International Journal of Engineering and Technology,2009,1(1):1793-8236.
    [118]Tan ZH. Fuzzy metagraph and its combination with the indexing approach in rule-based systems[J]. IEEE Transactions on Knowledge and Data Engineering, 2006,18(6):829-841.
    [119]Wang XM. A regular fuzzy tree grammar and its application[J]. Chinese Journal of Electronics,2007,16(2):193-197.
    [120]Wen YZ, Hong XL. Relationship between similarity measure and entropy of interval valued fuzzy sets[J]. Fuzzy Sets and Systems,2006,157(6):1477-1484.
    [121]Aiken A, Hellerstein JM,Widow JE.Static analysis techniques for predicting the behavir of active database rules[J]. ACM Transaction on Database System,1995, 20:3-40.
    [122]Kim SK,Chakravarthy S. A confluent rule execution model for active database [R]. Technical Report UF-CIS-TR-95-032.Florida:University of Florida,1995,1-19.
    [123]Jagadish HV,Mendelzon AO,Mumick IS. Managing conflicts between rules[C]. In: Proc. of PODS. Montreal Quebec,Canada,1996.
    [124]Zhou Y, Hsu M. A theory for rule triggering systems[C]. In:Proc. Extending Database Technology(EDBI),1990,407-421.
    [125]Baralis E,Widom J. Modularization techniques for active rules design[J]. ACM Transaction Database Systems,1996,21(1):1-29.
    [128]Gasquet O. On the influence of confluence in modal logics[J]. Fundamenta Infor-maticae,2006,70(3):227-250.

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700