An Environment-Aware Access Control Model for Intrusion Prevention (面向入侵防范的环境警备访问控制模型)
Abstract
Intrusion prevention systems (IPS) combine the technical advantages of intrusion detection and firewalls, providing active protection by intercepting intrusive activity and hostile network traffic in advance. IPS are widely deployed in client/server access systems. Current IPS still have clear limitations. First, the notion of "intrusion" is too narrow: it is confined to hostile network traffic and data streams carrying intrusion signatures, whereas real intrusions involve more objective factors (such as an inappropriate time or location, or an insecure operating platform). Second, the "prevention" architecture is not cohesive: it is confined to real-time blocking achieved by simply chaining an IDS to a firewall, rather than forming an organic whole that implements security defence.
To address these limitations, and building on the study of role-based access control (RBAC) combined with the idea of active defence, this thesis proposes the Environment-Aware-Based Access Control (EABAC) model. EABAC brings the potential factors that may lead to an intrusion into the prevention framework, improves the ability to assess the security of the environment before an intrusion occurs, is aware of environmental security, and thus achieves more proactive protection.
To establish the EABAC model, new extensions and definitions are made in the areas of formal description, access control rules, the formulation of security-constraint policies, and improved system robustness:
First, the meaning of a role is extended and the concept of an environment role is introduced, defined and specified in the form of the RBAC standard. Every objective factor that affects the security of an access system can be abstracted as an environment role; complete semantics and functional specifications for the various environmental factors are given by mathematical description, and the corresponding core model, hierarchical model and separation-of-duty mechanism are built according to the rules of RBAC. This provides the bridge by which the model perceives its environment, breaks out of the traditional single-role category, and extends the scope of intrusion prevention.
Second, role- and permission-assignment policies that take environmental security as their criterion are formulated, and their implementation is demonstrated through a series of algorithms. The multiplicity of roles leads to a variety of "user-role" and "role-permission" mappings; EABAC introduces the concepts of environment labels and label permissions so that permission assignment is tied to the state of the environment, and a role hierarchy allows the model to reflect its sensitivity to environment awareness, refining the granularity of access control.
Third, the concepts of heterogeneous-dimension constraints and correlative constraints are proposed, the related conflict policies are formulated, and these are derived and proved through assertions and case analysis. The content of role constraints is enlarged: through security constraints, diverse environmental factors are linked into a whole, access control policy is tightly coupled with environmental characteristics, conflicts in the role model are resolved reasonably, and the controllability of security defence is strengthened.
Fourth, an intrusion-tolerance mechanism is introduced into access control and an implementation is given. A complete access control scheme must not only prevent intrusions but also keep the system operable under attack. EABAC provides layered redundant protection so that, in certain special circumstances, it can still deliver full or degraded service to legitimate users even while an attack is under way, while keeping access information confidential, thereby improving the robustness of IPS applications.
Through this series of studies, the working logic of EABAC is derived and analysed, and a prototype system is implemented. Analysis of the prototype shows that, by controlling multiple factors including time, location, operating platform, access path and data-stream information, and by enforcing dynamic access control through role instances that carry multiple roles, EABAC enables the system to withstand a wider variety of intrusions; and through virtual services and secure-tunnel multiplexing it provides a redundant protection mechanism while spreading the load of traditional centralised intrusion prevention and reducing the complexity of executing EABAC.