支持动态授权和文件评价的访问控制机制

doi:10.11772/j.issn.1001-9081.2015.04.0964

摘要
图/表
参考文献(0)
相关文章 (15)

全文: PDF (619 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要

针对传统的访问控制方法不支持动态授权和文件评价、且存在恶意再分享隐患,设计了一种支持动态授权和文件评价的访问控制机制(DAFE-AC)。DAFE-AC采用的动态授权机制能够对已授权用户进行实时监控,保证了用户之间的相互监督;采用的文件评价机制可以支持文件解锁阈值的动态更新。基于Hash/索引数据库,DAFE-AC确保了文件在系统中的唯一性。在DAFE-AC中,用户授权值会随着其他用户行为动态变化,且用户可以通过对文件进行评价以消除恶意再分享。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	张悦
	郑东
	张应辉

关键词 ：访问控制, 文件共享, 动态授权, 文件评价

Abstract：

Concering that the traditional access control methods fail to support dynamic authorization and file evaluation, and suffer from malicious re-sharing issue, an Access Control Mechanism with Dynamic Authorization and File Evaluation (DAFE-AC) was proposed. DAFE-AC adopted a dynamic authorization mechanism to monitor authorized users in real-time and allowed users to supervise each other. The file evaluation mechanism in DAFE-AC could dynamically update the access threshold of files. Based on the Hash/index database, DAFE-AC can ensure the uniqueness of files in the system. In DAFE-AC, a user' authorization value can dynamically change with behaviors of other users, and users can perform file evaluation to eliminate malicious re-sharing of files.

Key words： access control file sharing dynamic authorization file evaluation

收稿日期: 2014-10-31

基金资助:

国家自然科学基金资助项目(61272037, 61402366, 61472472);陕西省自然科学基础研究计划项目(2013JZ020);国家科技重大专项基金资助项目(2013ZX03002004)。

通讯作者: 张悦 E-mail: zyuexupt@126.com

作者简介: 张悦(1989-),男,陕西榆林人,硕士研究生,主要研究方向:信息安全; 郑东(1964-),男,山西翼城人,教授,博士,主要研究方向:密码学、云存储安全; 张应辉(1985-),男,陕西户县人,讲师,博士,主要研究方向:云存储安全。

引用本文:

张悦, 郑东, 张应辉. 支持动态授权和文件评价的访问控制机制[J]. 计算机应用, 2015, 35(4): 964-967. ZHANG Yue, ZHENG Dong, ZHANG Yinghui. Access control mechanism with dynamic authorization and file evaluation. Journal of Computer Applications, 2015, 35(4): 964-967.

链接本文:

http://www.joca.cn/CN/10.11772/j.issn.1001-9081.2015.04.0964 或 http://www.joca.cn/CN/Y2015/V35/I4/964

[5]	JAFARIAN J H, JALILI R. A dynamic mandatory access control model [C]// Proceedings of the 13th International CSI Computer Conference on Advances in Computer Science and Engineering. Berlin: Springer-Verlag, 2009,6: 862-866.
[1]	SHEN C, ZHANG H, FENG D, et al. Survey of information security [J]. Science in China, Series E: Information Sciences, 2007, 37(2): 129-150.(沈昌祥, 张焕国, 冯登国,等. 信息安全综述[J]. 中国科学,E辑: 信息科学, 2007, 37(2): 129-150.)
[6]	BIBA K J. Integrity considerations for secure computer systems, MTR-3153[R]. Bedford: MITRE Corporation, 1977.
[7]	LIU Q, WANG L, HE L. Research on a series of problems in RBAC model[J]. Computer Science, 2012,39(11):13-18.(刘强, 王磊, 何琳. RBAC模型研究历程中的系列问题分析[J]. 计算机科学, 2012,39(11):13-18)
[8]	HARRISON M H, RUZZO W I,ULLMAN J D. Protection in operating system[J]. Communications of the ACM, 1976, 19(8): 461-471.
[9]	JIANG S, WANG J, YU H, et al. Improved mandatory access control model for Android [J]. Journal of Computer Applications, 2013, 33(6):1630-1636.(蒋绍林, 王金双, 于晗,等. 改进的Android强制访问控制模型 [J]. 计算机应用, 2013, 33(6):1630-1636.)
[2]	WHITMAN M E. Enemy at the gate: threats to information security [J]. Communications of the ACM, 2003, 46(8): 91-95.
[10]	CHU X, OU Y, CHEN H, et al. Homonymous role in role-based discretionary access control [J]. Wireless Communications and Mobile Computing, 2009, 9(9): 1287-1300.
[3]	HU H, YAO F, HE C. Solution of Windows files security protection based on file-system filter driver [J]. Journal of Computer Applications, 2009, 29(1):168-171.(胡宏银, 姚峰, 何成万. 一种基于文件过滤驱动的Windows文件安全保护方案 [J]. 计算机应用, 2009,29(1):168-171.)
[4]	ZI X, ZHANG S, MAO B, et al. The research and development of access control technology[J]. Computer Science, 2001,28(7):26-28.(訾小超, 张绍莲, 茅兵,等. 访问控制技术的研究和进展[J]. 计算机科学, 2001,28(7):26-28.)
[11]	REN H. Status and developments of access control model[J]. Computer and Digital Engineering, 2013, 41(3). 452-456.(任海鹏. 访问控制模型研究现状及展望[J]. 计算机与数字工程, 2013, 41(3). 452-456.)
[12]	BERTINO E, BETTINI C, FERRARI E, et al. A temporal access control mechanism for database systems[J]. IEEE Transactions on Knowledge and Data Engineering,1996,8(1):67-80.
[5]	JAFARIAN J H, JALILI R. A dynamic mandatory access control model [C]// Proceedings of the 13th International CSI Computer Conference on Advances in Computer Science and Engineering. Berlin: Springer-Verlag, 2009,6: 862-866.
[6]	BIBA K J. Integrity considerations for secure computer systems, MTR-3153[R]. Bedford: MITRE Corporation, 1977.
[13]	BERTINO E, BETTINI C, FERRARI E, et al. An access control model supporting periodicity constraints and temporal reasoning[J]. ACM Transactions on Database Systems,1998, 23(3):213-285.
[7]	LIU Q, WANG L, HE L. Research on a series of problems in RBAC model[J]. Computer Science, 2012,39(11):13-18.(刘强, 王磊, 何琳. RBAC模型研究历程中的系列问题分析[J]. 计算机科学, 2012,39(11):13-18)
[8]	HARRISON M H, RUZZO W I,ULLMAN J D. Protection in operating system[J]. Communications of the ACM, 1976, 19(8): 461-471.
[9]	JIANG S, WANG J, YU H, et al. Improved mandatory access control model for Android [J]. Journal of Computer Applications, 2013, 33(6):1630-1636.(蒋绍林, 王金双, 于晗,等. 改进的Android强制访问控制模型 [J]. 计算机应用, 2013, 33(6):1630-1636.)
[14]	SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models [J]. IEEE Computer, 1996, 29(2): 38-47.
[10]	CHU X, OU Y, CHEN H, et al. Homonymous role in role-based discretionary access control [J]. Wireless Communications and Mobile Computing, 2009, 9(9): 1287-1300.
[15]	SHARMA M, SURAL S, VAIDYA J, et al. AMTRAC: an administrative model for temporal role-based access control [J]. Computers and Security, 2013, 39: 201-218.
[11]	REN H. Status and developments of access control model[J]. Computer and Digital Engineering, 2013, 41(3). 452-456.(任海鹏. 访问控制模型研究现状及展望[J]. 计算机与数字工程, 2013, 41(3). 452-456.)
[12]	BERTINO E, BETTINI C, FERRARI E, et al. A temporal access control mechanism for database systems[J]. IEEE Transactions on Knowledge and Data Engineering,1996,8(1):67-80.
[16]	ZHENG D, ZHAO Q, ZHANG Y. A brief overview on cryptography [J]. Journal of Xi'an University of Posts and Telecommunications, 2013, 18(6): 1-10.(郑东, 赵庆兰, 张应辉. 密码学综述 [J]. 西安邮电大学学报, 2013, 18(6): 1-10.)
[17]	KANSO A, YAHYAOUI H, ALMULLA M. Keyed Hash function based on a chaotic map [J]. Information Sciences, 2012, 186(1): 249-264.
[13]	BERTINO E, BETTINI C, FERRARI E, et al. An access control model supporting periodicity constraints and temporal reasoning[J]. ACM Transactions on Database Systems,1998, 23(3):213-285.
[14]	SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models [J]. IEEE Computer, 1996, 29(2): 38-47.
[15]	SHARMA M, SURAL S, VAIDYA J, et al. AMTRAC: an administrative model for temporal role-based access control [J]. Computers and Security, 2013, 39: 201-218.
[16]	ZHENG D, ZHAO Q, ZHANG Y. A brief overview on cryptography [J]. Journal of Xi'an University of Posts and Telecommunications, 2013, 18(6): 1-10.(郑东, 赵庆兰, 张应辉. 密码学综述 [J]. 西安邮电大学学报, 2013, 18(6): 1-10.)
[17]	KANSO A, YAHYAOUI H, ALMULLA M. Keyed Hash function based on a chaotic map [J]. Information Sciences, 2012, 186(1): 249-264.