Research and Implementation of XACML-Based Quantified Risk-Adaptive Access Control
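Abstract
In today's information- and knowledge-driven environment, data flows within and between organizations at an ever-increasing speed. In an emergency, decisions about access to sensitive data must be made quickly, while ensuring that this sensitive information is not leaked, whether inadvertently or maliciously. This requires application systems to be flexible enough to adapt to such dynamics. Today's applications therefore increasingly need dynamic access control policies and the mechanisms to implement them.
This thesis studies methods and techniques for XACML-based quantified risk-adaptive access control, in order to build a dynamic access control system that can be adjusted flexibly. The system introduces risk management into access control: it quantifies the risk value of each access, manages and monitors risk within the system, and achieves dynamic access control through effective risk control.
The thesis then builds on XACML, the de facto standard access control policy language, making full use of its strong policy expressiveness to introduce quantified-risk control without changing the semantics of access requests. It also extends the XACML framework, using XACML's Obligation module to add a continuous risk control mechanism to the system, thereby implementing quantified risk-adaptive access control. Finally, experimental evaluation demonstrates that implementing quantified risk-adaptive access control on XACML is a flexible and effective access control method and technique.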
In today's information- and knowledge-driven digital environment, there is an increasing requirement to accelerate information sharing across all types of organizations. When external events occur, the system is required to adjust its approach to information dominance. Meanwhile, sensitive information must be protected from unauthorized disclosure. The access control mechanism therefore has to be flexible enough to fit the dynamic situation. Today's applications need dynamic access control policies and their relevant implementations.
In this paper we study an XACML-based quantified risk-adaptive access control system that is dynamic and convenient to adjust as the environment changes. We bring risk management into the access control system. By quantifying the risk of each access and managing that risk within the system, we effectively combine access control with risk management. The system performs access control through effective risk management.
Our approach uses XACML, the de facto standard language in the field of access control, to implement our solution. Making full use of XACML's expressive power for access control policies, this paper adds quantified-risk control functions to the access control system without changing the semantics of requests. It also extends the XACML framework to implement quantified risk-adaptive access control by adding a continuous access control mechanism that relies on the Obligation module in XACML. Finally, we use experiments to demonstrate that XACML-based quantified risk-adaptive access control is an efficient, flexible, dynamic access control system.