Access control mechanism with dynamic authorization and file evaluation
ZHANG Yue1,2, ZHENG Dong1, ZHANG Yinghui1,2
1. National Engineering Laboratory for Wireless Security (Xi'an University of Posts and Telecommunications), Xi'an Shaanxi 710121, China;
2. State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093, China
To address the problems that traditional access control methods fail to support dynamic authorization and file evaluation and suffer from malicious re-sharing, an Access Control Mechanism with Dynamic Authorization and File Evaluation (DAFE-AC) was proposed. DAFE-AC adopts a dynamic authorization mechanism to monitor authorized users in real time and allows users to supervise each other. The file evaluation mechanism in DAFE-AC can dynamically update the access threshold of files. Based on the Hash/index database, DAFE-AC can ensure the uniqueness of files in the system. In DAFE-AC, a user's authorization value can dynamically change with the behaviors of other users, and users can perform file evaluation to eliminate malicious re-sharing of files.