Intelligent and Distributed Computing Laboratory (智能与分布计算实验室)
  Research on Access Control Models in Collaborative Environments
Name: 於光灿 (Yu Guangcan)
Defense date: 2008.06.03
Submission date: 2008.06.10
Degree: Doctoral
Title (Chinese): 协作环境中访问控制模型研究
Title (English): Research on Access Control Model in Collaborative Environments
Supervisor 1: 卢正鼎 (Lu Zhengding)
Supervisor 2: 李瑞轩 (Li Ruixuan)
Keywords (Chinese, translated): collaborative environments; access control; workflow; spatial data; multilevel security
Keywords (English): Collaborative Environments; Access Control; Workflow; Spatial Data; Multilevel Security
Abstract (Chinese, translated): Computer-supported cooperative work (CSCW) uses computer, multimedia and network communication technologies to let the members of a work group negotiate, divide labour and jointly complete tasks in a shared environment; it supports the cooperation of group members who are separated in time, distributed in space, and whose work is mutually dependent. Because the behaviour of group members, and the ways they interact with each other and with the system, cannot be predicted in advance, protecting context information and resources in a collaborative environment raises security problems more specific than those of traditional information systems; at their core lies the need to balance security against collaboration and flexibility against controllability. CSCW is widely applied in government, business, education, health care and the military; typical applications include workflow management systems, office automation, collaborative design, military command systems, distance education and video conferencing. Their differing application backgrounds and kinds of work give them differing access control requirements, and an appropriate access control model is one of the important preconditions for such systems to operate correctly.

This thesis surveys the research results on access control models in collaborative environments, analyses the shortcomings of existing work and, in response to the access control requirements of collaborative environments, studies the following models, each validated by formal proof or by a prototype system.

Building on the locale-based and role-based access control models, a locale- and role-based collaborative access control model is studied. Its main components (roles, permissions, locales) are redefined; authorization constraints on time, space and context state variables, together with the concept of a collaboration locale, are introduced; a method by which group members grant authorization by voting is added; and a flexible, layered authorization mechanism is realised that combines global access control with discretionary access control inside each collaboration group.

On the basis of the BLP model, a multilevel collaborative access control model for tree-structured hierarchical organizations is studied. Hierarchical relations between departments are established and the new concept of a post is introduced, which simplifies the tedious work of assigning security labels. By assigning several security labels to one post, communication between superior and subordinate departments and between peer departments is realised: the closer two departments are in the tree, the higher the classification of the objects their staff may exchange. Access matrices are defined at three levels, giving flexible discretionary access control at several granularities. The model gains flexibility and practicality while keeping information flow under the system's control at all times, thereby inheriting the most prominent strength of BLP, and it is verified by formal proof.

A locale-based distributed authorization model for workflow systems is studied, suited to application scenarios that many existing authorization models support poorly. Workflow authorization is divided into two steps. First, an executing locale is chosen for each activity of the workflow, either by direct designation or in a data-driven way. Second, the administrator of that locale designates, according to the locale's own security policy, the concrete executor of each activity assigned to the locale, either through authorization rules or by direct designation. Together the two steps realise distributed authorization of the workflow system.

A feature-based access control model for collaborative annotation of spatial data is studied. It consists of a basic authorization module and an authorization constraint module. The basic module grants coarse-grained but simple authorizations from the viewpoint of the permissions needed to complete a business activity; the constraint module restricts an authorization to a specific geographic region or set of spatial objects, bounding the scope within which a permission may be exercised. The two parts cooperate to provide flexible, fine-grained access control, and a distributed administration model for it is given according to the principles of separation of duty and least privilege.

To meet the needs of military operational command, a collaborative access control prototype system was developed. The models above are applied in it to the authorization requirements of its different subsystem scenarios, and the models are validated in practical use.
Abstract (English): With the development of Computer Supported Cooperative Work (CSCW) technology, a group of geographically dispersed users can work together towards the same goal. Because the interaction between collaborating users, and between users and the collaborative system, is unpredictable, some specific security problems must be solved. In collaborative environments, access control faces more challenges: it must prevent not only intrusion from outside but also unauthorized access from within the group. CSCW is widely used in many application fields; representative applications include workflow, office automation and military command automation. Appropriate access control models are needed to ensure the security of these applications.

In this thesis, access control models in collaborative environments are surveyed. Based on an analysis of the security requirements of collaborative environments, several access control models are proposed, and these models are validated through formal proof or prototype systems.

A locale- and role-based access control model for collaborative environments is proposed, based on the role-based and locale-based access control models. Some major components, such as roles, permissions and locales, are redefined. The model combines global access control policies with the discretionary access control policies of collaboration locales to provide a flexible, hierarchical authorization mechanism.

A multilevel collaborative access control model for tree-like hierarchical organizations is proposed, based on the Bell-LaPadula (BLP) model. Hierarchical relations among departments are built and a new concept, the "post", is introduced, which greatly simplifies the assignment of security labels to subjects and objects. Interoperation among different departments is implemented by assigning multiple security labels to one post; the closer two departments are on the organization tree, the more highly classified the objects their staff can exchange. Access control matrices are defined for departments, posts and staff, and with these three matrices a multi-granularity, flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited: the model guarantees that all information flow remains under control, and compared with BLP it is more flexible.

A locale-based distributed authorization model for workflow systems is proposed; it supports application scenarios that other models cannot. Workflow authorization is divided into two steps. In the first step, executing locales are chosen for the activities of the workflow, either by direct assignment or by a data-driven method. In the second step, the administrators of the locales assign executors to activities according to the locales' security policies, using either authorization rules or direct assignment. Through these two steps, distributed authorization of the workflow system is implemented.

A feature-based spatial data access control model is proposed. It consists of a basic authorization module and an authorization constraints module. The basic module grants authorizations in a coarse-grained but simple way, its goal being to give users enough privileges to do their work. The constraints module limits the scope of those privileges to given geographical areas or sets of geographical objects. The two modules cooperate to implement flexible, fine-grained access control. A distributed authorization administration model is also proposed according to the principles of least privilege and separation of duties.

A prototype system is developed for military command automation; the access control models proposed in the thesis are applied in the prototype and verified in real work.
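The BLP-based model above hinges on two mechanisms: a post holding several security labels at once, and an organization tree in which nearer departments may exchange more highly classified objects. The following Python is an added illustration and is not the thesis's own model or code. It assumes a linear set of classification levels, one compartment per department, and a deliberately simple rule for deriving a post's label set (full clearance in its own department, one level lower per tree edge elsewhere); the department tree and clearances are constructed sample data. Read checks use the simple security property over all labels the post holds, while writes are checked against the single label a session runs under, so the *-property still prevents writing down.

```python
"""Multi-label posts in a department tree under Bell-LaPadula rules (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Assumed linear classification levels (illustrative, not from the thesis).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

# Constructed department tree: child -> parent, the root has parent None.
TREE: Dict[str, Optional[str]] = {
    "HQ": None,
    "Ops": "HQ",
    "Intel": "HQ",
    "Ops-Recon": "Ops",
    "Ops-Logistics": "Ops",
}


@dataclass(frozen=True)
class Label:
    level: int
    compartments: FrozenSet[str]  # department compartments the label covers

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least the same level and a superset of compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


def root_path(dept: str, tree: Dict[str, Optional[str]] = TREE) -> List[str]:
    """Departments from the root down to `dept`."""
    chain: List[str] = []
    node: Optional[str] = dept
    while node is not None:
        chain.append(node)
        node = tree[node]
    return chain[::-1]


def tree_distance(a: str, b: str, tree: Dict[str, Optional[str]] = TREE) -> int:
    """Edges between two departments, measured via their lowest common ancestor."""
    pa, pb = root_path(a, tree), root_path(b, tree)
    common = 0
    for x, y in zip(pa, pb):
        if x != y:
            break
        common += 1
    return len(pa) + len(pb) - 2 * common


def post_labels(dept: str, clearance: int,
                tree: Dict[str, Optional[str]] = TREE) -> FrozenSet[Label]:
    """Derive a post's label set from its department and clearance.

    Assumed rule (an illustration, not the thesis's): the post keeps its full
    clearance in its own department's compartment and loses one level per
    tree edge for every other department; departments that would fall below
    UNCLASSIFIED get no label.  Nearer departments thus share higher levels.
    """
    labels = set()
    for other in tree:
        level = clearance - tree_distance(dept, other, tree)
        if level >= LEVELS["UNCLASSIFIED"]:
            labels.add(Label(level, frozenset({other})))
    return frozenset(labels)


def can_read(post: FrozenSet[Label], obj: Label) -> bool:
    """Simple security property: some label held by the post dominates the object."""
    return any(lbl.dominates(obj) for lbl in post)


def open_session(post: FrozenSet[Label], wanted: Label) -> Label:
    """A session may only run under one of the labels the post actually holds."""
    if wanted not in post:
        raise PermissionError(f"post does not hold label {wanted}")
    return wanted


def can_write(session: Label, obj: Label) -> bool:
    """*-property: the object's label must dominate the label the session runs under."""
    return obj.dominates(session)


if __name__ == "__main__":
    recon = post_labels("Ops-Recon", LEVELS["SECRET"])
    for lbl in sorted(recon, key=lambda l: (-l.level, sorted(l.compartments))):
        print(lbl.level, sorted(lbl.compartments))
    print(can_read(recon, Label(LEVELS["CONFIDENTIAL"], frozenset({"Ops"}))))
```

Under the assumed rule a SECRET post in Ops-Recon can read CONFIDENTIAL material of its parent Ops and UNCLASSIFIED material of HQ, but nothing labelled with the Intel compartment, which is three edges away; and a session opened under the Ops label cannot write into an Ops-Recon SECRET object, because that would be a write-down relative to the session label.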
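The two-step workflow authorization described above (choose an executing locale, then let that locale's administrator pick the executor) can be sketched as follows. This is an added example, not the thesis's prototype; the locale names, members, roles and the data-driven rule that maps a case's `region` field to a depot are constructed for illustration. The point it adds is the locale boundary: a direct designation by a locale administrator is only honoured for that locale's own members, so one locale cannot assign work to another locale's staff.

```python
"""Two-step, locale-based workflow authorization (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

Case = Dict[str, str]  # workflow case data, e.g. {"region": "north"}


@dataclass
class Activity:
    name: str
    locale: Optional[str] = None                          # step 1: direct designation
    locale_rule: Optional[Callable[[Case], str]] = None   # step 1: data-driven choice


@dataclass
class Locale:
    """A locale with its own staff, role assignments and authorization rules."""
    name: str
    members: Dict[str, Set[str]] = field(default_factory=dict)  # user -> roles held
    rules: Dict[str, str] = field(default_factory=dict)         # activity -> required role
    direct: Dict[str, str] = field(default_factory=dict)        # activity -> designated user

    def assign_executor(self, activity: str) -> str:
        """Step 2: the locale administrator's policy selects the executor.

        A direct designation wins, but only if the user is a member of this
        locale; otherwise an authorization rule picks a member holding the
        required role (deterministically, by user name).
        """
        if activity in self.direct:
            user = self.direct[activity]
            if user not in self.members:
                raise PermissionError(f"{user} is not a member of locale {self.name}")
            return user
        role = self.rules.get(activity)
        if role is None:
            raise PermissionError(f"locale {self.name} has no rule for {activity}")
        for user in sorted(self.members):
            if role in self.members[user]:
                return user
        raise PermissionError(f"no member of {self.name} holds role {role}")


def choose_locale(activity: Activity, case: Case) -> str:
    """Step 1: executing locale, by direct designation or derived from case data."""
    if activity.locale is not None:
        return activity.locale
    if activity.locale_rule is not None:
        return activity.locale_rule(case)
    raise PermissionError(f"no locale selection defined for {activity.name}")


def authorize(activity: Activity, case: Case,
              locales: Dict[str, Locale]) -> Tuple[str, str]:
    """Run both steps and return (locale, executor)."""
    locale_name = choose_locale(activity, case)
    if locale_name not in locales:
        raise PermissionError(f"unknown locale {locale_name}")
    return locale_name, locales[locale_name].assign_executor(activity.name)


def try_authorize(activity: Activity, case: Case,
                  locales: Dict[str, Locale]) -> Optional[Tuple[str, str]]:
    """Same as authorize(), but returns None instead of raising on denial."""
    try:
        return authorize(activity, case, locales)
    except PermissionError:
        return None


# Constructed sample: two depots, each administered by its own locale admin.
LOCALES: Dict[str, Locale] = {
    "North-Depot": Locale("North-Depot",
                          members={"alice": {"clerk"}, "bob": {"approver"}},
                          rules={"approve_order": "approver", "pack": "clerk"}),
    "South-Depot": Locale("South-Depot",
                          members={"carol": {"approver", "clerk"}},
                          rules={"approve_order": "approver"},
                          direct={"pack": "dave"}),  # dave is not a member: denied
}

# Data-driven locale choice for approvals; packing is pinned to one depot.
APPROVE = Activity("approve_order",
                   locale_rule=lambda case: f"{case['region'].title()}-Depot")
PACK_NORTH = Activity("pack", locale="North-Depot")
PACK_SOUTH = Activity("pack", locale="South-Depot")


if __name__ == "__main__":
    print(authorize(APPROVE, {"region": "north"}, LOCALES))
    print(try_authorize(PACK_SOUTH, {}, LOCALES))
```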
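The feature-based spatial model separates a coarse basic grant (role, feature class, operations) from a constraint that bounds where the grant applies, either a geographic area or an explicit set of spatial objects. The Python below is an added example of that two-module check and is not the thesis's implementation; features are reduced to a single representative coordinate, the area constraint is an even-odd point-in-polygon test, and the roles, grants, district polygon and features are constructed sample data.

```python
"""Feature-based spatial authorization: basic grants plus scope constraints (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Point = Tuple[float, float]


@dataclass(frozen=True)
class Feature:
    fid: str
    ftype: str        # feature class, e.g. "road" or "bridge"
    location: Point   # representative coordinate (constructed sample, arbitrary units)


def point_in_polygon(p: Point, polygon: List[Point]) -> bool:
    """Even-odd ray casting; `polygon` is a ring of vertices, closed implicitly."""
    x, y = p
    inside = False
    n = len(polygon)
    for i in range(n):
        x1, y1 = polygon[i]
        x2, y2 = polygon[(i + 1) % n]
        if (y1 > y) != (y2 > y):                      # edge straddles the ray's y
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:                            # ray to +x crosses this edge
                inside = not inside
    return inside


@dataclass
class Constraint:
    """Constraint module: scope of a grant is a polygon, an object set, or both.

    With neither set the grant is unconstrained; otherwise a feature is in scope
    if it is listed explicitly or lies inside the area.
    """
    area: Optional[List[Point]] = None
    objects: Optional[Set[str]] = None

    def allows(self, feature: Feature) -> bool:
        if self.area is None and self.objects is None:
            return True
        if self.objects is not None and feature.fid in self.objects:
            return True
        return self.area is not None and point_in_polygon(feature.location, self.area)


@dataclass
class Grant:
    """Basic authorization module: what a role may do to a feature class."""
    role: str
    ftype: str
    operations: Set[str]
    constraint: Constraint = field(default_factory=Constraint)


class SpatialPolicy:
    def __init__(self, grants: List[Grant], user_roles: Dict[str, Set[str]]):
        self.grants = grants
        self.user_roles = user_roles

    def check(self, user: str, op: str, feature: Feature) -> bool:
        """Allow if some grant matches role, feature class and operation, and
        the grant's constraint places the feature inside the permitted scope."""
        roles = self.user_roles.get(user, set())
        for g in self.grants:
            if g.role in roles and g.ftype == feature.ftype and op in g.operations:
                if g.constraint.allows(feature):
                    return True
        return False


# Constructed sample: one district polygon, two roles, a handful of features.
DISTRICT: List[Point] = [(0, 0), (10, 0), (10, 10), (0, 10)]
POLICY = SpatialPolicy(
    grants=[
        Grant("annotator", "road", {"annotate"}, Constraint(area=DISTRICT)),
        Grant("surveyor", "bridge", {"annotate", "edit"},
              Constraint(objects={"bridge-3"})),
    ],
    user_roles={"ann": {"annotator"}, "sue": {"surveyor"}},
)
ROAD_IN = Feature("road-17", "road", (4, 5))
ROAD_OUT = Feature("road-21", "road", (12, 3))
BRIDGE_LISTED = Feature("bridge-3", "bridge", (50, 50))
BRIDGE_OTHER = Feature("bridge-4", "bridge", (1, 1))


if __name__ == "__main__":
    for user, op, feat in [("ann", "annotate", ROAD_IN), ("ann", "annotate", ROAD_OUT),
                           ("sue", "edit", BRIDGE_LISTED), ("sue", "edit", BRIDGE_OTHER)]:
        print(user, op, feat.fid, POLICY.check(user, op, feat))
```

Note that the area and object-set scopes are alternatives, not a conjunction: bridge-4 lies inside the district but is denied because the surveyor's grant is scoped by object set only, and the annotator's district-scoped grant does not extend to bridges at all.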