多安全域角色信任访问控制模型

doi:10.13190/j.jbupt.2014.03.017

北京邮电大学学报 ›› 2014, Vol. 37 ›› Issue (3): 83-88.doi: 10.13190/j.jbupt.2014.03.017

多安全域角色信任访问控制模型

谢丽霞, 薄夫宽, 邓强

中国民航大学计算机科学与技术学院, 天津 300300

收稿日期:2013-09-11 出版日期:2014-06-28 发布日期:2014-06-08
作者简介:谢丽霞（1974-），女，副教授，E-mail：lxxie@126.com.
基金资助:
国家科技重大专项项目（2012ZX03002002）；国家自然科学基金项目（60776807， 61179045）；天津市科技计划重点项目（09JCZDJC16800）；中国民航科技基金项目（MHRD201009， MHRD201205）

Multi-Domain Role Trust Access Control Model

XIE Li-xia, BO Fu-kuan, DENG Qiang

School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China

Received:2013-09-11 Online:2014-06-28 Published:2014-06-08

摘要/Abstract

摘要：

为解决网络中多安全域间的访问控制难题，提出一种基于角色和信任度的访问控制模型. 将角色和信任度相关联，根据用户角色等级定义角色评价权重，利用角色评价权重和角色行为计算其信任度. 在引入直接信任度、推荐信任度和反馈信任度的基础上，通过调节各自的评价权重参与综合信任度评价，实现了细粒度的访问控制. 在局域网环境下利用web应用系统构建具有多安全域的访问控制模型，并进行了仿真实验，实验结果证明该模型具有较高的安全性、可扩展性和灵活性.

关键词: 访问控制, 角色, 反馈信任度, 综合信任度, 细粒度

Abstract:

To solve the problem of access control among different security domains in networks, an access control model is presented based on role and trust degree. Each role associates with a trust value, the role evaluation weights are defined in terms of user's role rank and the trust degree is calculated according to the role evaluation weights and role behavior. Direct trust degree, recommendation trust degree and feedback trust degree are introduced in this model to achieve fine-grained access control. The three trust degrees mentioned above participate in the comprehensive trust degree evaluation by adjusting their weights. Simulation is conducted in local area network environment in which a web system is used to construct an access control model with multi-domain. Experiment demonstrates that the model is of higher security, expansibility and flexibility.

Key words: access control, role, feedback trust degree, comprehensive trust degree, fine-grained

中图分类号:

谢丽霞, 薄夫宽, 邓强. 多安全域角色信任访问控制模型[J]. 北京邮电大学学报, 2014, 37(3): 83-88.

XIE Li-xia, BO Fu-kuan, DENG Qiang. Multi-Domain Role Trust Access Control Model[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(3): 83-88.

参考文献

[1] Tolone W, Ahn G J, Pai T. Access system [J]. Journal of ACM Computing Surveys, 2005, 37(1): 29-41.

[2] Barker S, Sergot M J, Wijesekera D. Status-based access control [J]. ACM Transactions on Information and System Security, 2008, 12(1): 1-47.

[3] Han W, Xu M, Zhao W, et al. A trusted decentralized access control framework for the client/server architecture [J]. Journal of Network and Computer Applications, 2010, 33(2): 76-83.

[4] Li Ninghui, Wang Qihua. Resiliency policies in access control[C]//Proceedings of the 13^th ACM Conference on Computer and Communications Security. New York: ACM Press, 2009: 113- 123.

[5] Abassi R, El F S G. Towards a generic trust management model[C]//2012 19^th International Conference on Telecommunications. Piscataway: IEEE Press, 2012: 1-6.

[6] Ma Shunan, He Jingsha, Gao Feng. An access control model based on multi-factors trust [J]. Journal of Networks, 2012, 7(1): 173-178.

[7] 王亮, 郭亚军. P2P系统中基于声誉的信任评估机制[J]. 计算机工程与应用, 2009, 45(15): 136- 138. Wang Liang, Guo Yajun. Reputation-based on trust evaluation mechanism for P2P system [J]. Computer Engineering and Applications, 2009, 45(15): 136-138.

[8] 刘武, 段海新, 张洪, 等. TRBAC: 基于信任的访问控制模型[J]. 计算机研究与发展, 2011, 48(8): 1414-1420. Liu Wu, Duan Haixin, Zhang Hong, et al. TRBAC: trust based access control model [J]. Journal of Computer Research and Development, 2011, 48(8): 1414-1420.

[9] Wang Xiao. A study of P2P access control strategy based on trust and security grade[C]//2011 International Conference on Computer Science and Service System. Washington D C: IEEE Computer Society, 2011: 126-128.

[10] Feng Xiaosheng, Ge Bin, Sun Yang, et al. Enhancing role management in role-based access control[C]//2010 3^rd IEEE International Conference on Broadband Network and Multimedia Technology. Washington D C: IEEE Computer Society, 2010: 677-683.

[11] Kabir M, Wang Hua, Bertino E. A role-involved purpose-based access control model [J]. Information Systems Frontiers, 2012, 14(3): 809-822.

[1]	张天魁蔡昌利骆晓亮朱禹涛. 基于多尺度特征Transformer的细粒度图像分类方法[J]. 北京邮电大学学报, 2023, 46(4): 70-75.
[2]	康海燕, 张沙沙. 云链协同的工业互联网数据共享访问控制方法[J]. 北京邮电大学学报, 2023, 46(3): 56-61.
[3]	杨华, 耿烜, 孔宁. 一种采用dueling-DDQN算法的无线网络MAC协议[J]. 北京邮电大学学报, 2023, 46(3): 25-30.
[4]	刘宁春, 郜帅, 侯心迪, 国兴昌. 一种信息中心移动自组网中的数据访问控制机制[J]. 北京邮电大学学报, 2021, 44(2): 54-60.
[5]	王峥, 李玲, 李娜. 雾计算中用户和属性可撤销的访问控制方案[J]. 北京邮电大学学报, 2020, 43(6): 88-95.
[6]	陈红松, 沈强磊. 云计算环境下支持高效撤销的新型属性基加密方案[J]. 北京邮电大学学报, 2018, 41(3): 113-118.
[7]	赵斌, 何泾沙, 张伊璇, 及歆荣, 轩兴刚. 访问控制中基于粗糙集的授权规则知识发现[J]. 北京邮电大学学报, 2016, 39(2): 48-52.
[8]	白磊, 冯振兴, 田立勤. 基于CDMA的水下传感器网络MAC协议设计[J]. 北京邮电大学学报, 2015, 38(s1): 107-110.
[9]	刘迎春郑小林陈德人. 信任网络中基于角色信誉的信任预测[J]. 北京邮电大学学报, 2013, 36(1): 72-76.
[10]	范艳芳, 蔡英, 耿秀华. 具有时空约束的强制访问控制模型[J]. 北京邮电大学学报, 2012, 35(5): 111-114.
[11]	张宏海黄赞杰周颢赵保华. 协作的HLBP无线局域网多播差错控制协议[J]. 北京邮电大学学报, 2012, 35(2): 121-125.
[12]	赵保华，池信泽，李濛，周颢. 无线局域网络的可靠多播差错控制协议 [J]. 北京邮电大学学报, 2012, 35(1): 81-84.
[13]	彭维平,周亚建,平源,宋成,王枞,杨义先. 扩展角色的密文数据访问控制模型[J]. 北京邮电大学学报, 2011, 34(5): 19-24.
[14]	胡金龙1,2 ；庞迪2 ；周继华2 ；赵萃萃2 ；石晶林1,2. 灵活易移植的WiMAX MAC协议栈软件系统[J]. 北京邮电大学学报, 2010, 33(1): 70-73.
[15]	张猛;周永红;孟洛明. 基于角色的IAM系统的研究与实现[J]. 北京邮电大学学报, 2009, 32(s1): 123-128.

多安全域角色信任访问控制模型

Multi-Domain Role Trust Access Control Model

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价