Intelligent and Distributed Computing Laboratory
  Research on Access Control Model in Distributed Cooperative Environment
Author: 霍晓丽
Thesis defense date: 2007.11.07
Thesis submission date: 2007.11.09
Degree: Doctoral
Chinese title: 分布式协同环境下的访问控制模型研究 (Research on Access Control Models in Distributed Collaborative Environments)
English title: Research on Access Control Model in Distributed Cooperative Environment
Advisor 1: 卢正鼎
Advisor 2:
Chinese keywords (translated): collaborative environment; access control; mutually exclusive roles; dynamic privilege; mobile agent; information grid
English keywords: information security; access control; mutually exclusive role; dynamic privilege; mobile agent; information grid
English abstract: With the development of network and information technology, information has become increasingly open, and the evolution of society depends more and more on information of all kinds. Openness benefits information sharing and exchange and helps people work cooperatively, but it also attracts all kinds of attacks; ensuring information security becomes very difficult, and people may suffer huge losses when information is disclosed. Openness of information brings insecurity. Networks now spread ever more widely, and people at different geographical locations work cooperatively through distributed network application systems. In such circumstances it is obviously important to ensure the security of information and information systems. Access control is a very important research direction in the information security field: it is the method of allowing or forbidding users access to information resources. Role-based access control (RBAC) has been the most popular access control model since the 1990s, but it is a typical centralized access control model. In large network-based distributed collaborative application systems there are large numbers of users and roles, and the relations between users and roles are very complicated. Distributed application systems and large numbers of users and roles challenge the administrative ability of access control models, and RBAC is not suitable. Taking the RBAC model as the basis and according to the characteristics of distributed collaborative environments, this thesis extends RBAC to such environments and studies the feasibility of, and concrete solutions for, cooperative access in distributed applications. After discussing the constraint relations of shared privileges among roles, a new method based on mutually exclusive roles is proposed to implement separation of duties.
Mutually exclusive roles are classified into two kinds, static and dynamic, and both kinds are described formally. Mutually exclusive roles can be used to implement various flexible access control policies, and separation of duties implemented this way does not disturb the normal running of the application systems that adopt it, e.g. workflow management systems. Based on the role-based privilege management model, a flow-based composite data privilege management model is proposed, and the computation procedure for privilege control of composite data is given. The core concepts of the model are tasks and roles; multi-perspective privilege views are built and a composite privilege control architecture is implemented. The new flow-based composite data privilege management model ensures that users obtain the appropriate privileges to perform their duties. The characteristics of mobile agents and the threats they face are summarized. Security policies are built from the requirements of the security subsystem, and agent techniques are applied to access control transformation. The definition and detailed design of the CMISA model are given; using the CMISA model, a mature agent system architecture can be built. Based on the security requirements of the information grid, the characteristics and authorization elements of the information grid are analyzed, and a formal description of access control in the information grid is analyzed as well. Access control policy and the characteristics of authorization in grid environments are researched in detail, and an access control policy for the information grid is given. A prototype of the information grid is studied, and dynamic sharing of computing resources among different organizations is implemented.
The merits of the prototype compared to traditional distributed computing systems are as follows: customer applications need not be deployed in advance; once new customer applications are submitted, they can run immediately according to the customer's wishes. The shared computing resources are dynamic and real-time, so the security of information is ensured.
Chinese abstract (translated to English): With the rapid development of network and information technology, society's dependence on information keeps growing and information becomes ever more open. Openness brings insecurity with it: the openness of information systems favours the sharing and exchange of information and cooperative work within society, but it also multiplies the ways and opportunities for the information in a system to be attacked, so that information security cannot be effectively guaranteed and people may suffer enormous losses. Therefore, as network coverage grows ever wider, and especially as distributed collaborative environments are applied more and more in departments and enterprises, the security of information and information systems becomes all the more important. A very important aspect of the information security field is access control, a method of explicitly permitting or restricting, by some means, the ability and scope of users, groups or roles to access information resources. Role-based access control (RBAC) has been one of the most studied access control policies since the 1990s, but RBAC rests on the assumption of centralized access control. In large distributed collaborative systems the users and roles are numerous and their relations complicated, and in particular their complex geographical distribution poses a huge administrative challenge for access control, so the RBAC model has certain limitations there. Taking the role-based access control model as the foundation and targeting the characteristics of distributed collaborative environments, this thesis extends RBAC to such environments and studies the feasibility of, and concrete solutions for, cooperative access in distributed systems. After discussing the constraint relations of shared privileges between roles, a method that uses mutually exclusive roles to implement the principle of separation of duties is proposed; role exclusion is divided into static and dynamic exclusion, each with a formal description, and it is shown and proved which role exclusion and privilege-sharing constraints are sufficient and necessary conditions for maintaining a secure state. Through role exclusion a system can implement a variety of flexible security policies, and a system that implements separation of duties does not affect the loading of other mechanisms such as workflow. On the basis of the role-based privilege management model, a flow-based composite data privilege management model is studied and the computation procedure for composite data privilege control is given. The model takes tasks and roles as its core, builds multi-perspective privilege views and realizes a composite, multi-dimensional cross-controlled privilege architecture, thereby ensuring that, in collaborative product development, the right data is delivered to the right user at the right time with the right privileges. The characteristics of mobile agents and the security threats they face are summarized; for the authorization problem of mobile agents we propose the RCMMA authorization model and apply the RBAC pattern to protect the resources of the servers on which mobile agents execute. In practice, combining collaborative development with Agent technology, we construct CMISA, an intelligent collaborative software development model based on Agent components, realizing the transition from traditional to intelligent software structures and from passive entity units to active autonomy, so that the resulting software has typical intelligent characteristics. According to the security requirements of the information grid, some characteristics of the information grid, the formal description of access control in the information grid and the authorization elements in the information grid are analyzed; access control policy in grid environments and the characteristics of authorization policy in grid environments are studied in detail, and a secure access policy for the information grid is given. An information grid prototype is studied, realizing dynamic cross-organizational sharing of computing resources. Compared with traditional distributed computing, the prototype has the following advantages: user applications need not be deployed in advance, the user only submits a new application and then obtains the computation result; the computing resources shared each time are dynamic and real-time, ensuring the security of information.
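As an added illustration of the static and dynamic mutually exclusive roles described in both abstracts (my example, not code from the thesis): a toy RBAC engine in which a static exclusion is checked once, when a role is assigned to a user, while a dynamic exclusion is checked each time a role is activated in a session, so a user may hold both roles but never act in both at once. The purchasing roles and users, and the consistency rule that exclusive roles must not share a privilege, are constructed assumptions, not the thesis's formal conditions.

```python
class Rbac:
    """Toy RBAC engine with static (SSoD) and dynamic (DSoD) mutually exclusive roles."""
    def __init__(self, role_privs):
        self.role_privs = role_privs                     # role -> set of privileges
        self.user_roles, self.sessions = {}, {}          # user -> assigned roles / roles active now
        self.excl = {"static": set(), "dynamic": set()}  # kind -> set of frozenset role pairs

    def add_exclusion(self, r1, r2, kind):
        # Assumed consistency rule (not the thesis's condition): exclusive roles share no privilege.
        if shared := self.role_privs[r1] & self.role_privs[r2]:
            raise ValueError(f"{r1}/{r2} share privileges {sorted(shared)}")
        self.excl[kind].add(frozenset((r1, r2)))

    def _conflict(self, roles, role, kind):
        return any(frozenset((r, role)) in self.excl[kind] for r in roles)

    def assign(self, user, role):
        # Static exclusion is enforced once, at user-role assignment.
        held = self.user_roles.setdefault(user, set())
        if self._conflict(held, role, "static"):
            return False
        held.add(role)
        return True

    def activate(self, user, role):
        # Dynamic exclusion is enforced per session: both roles may be held, never co-active.
        active = self.sessions.setdefault(user, set())
        if role not in self.user_roles.get(user, set()) or self._conflict(active, role, "dynamic"):
            return False
        active.add(role)
        return True

    def can(self, user, priv):
        # Access flows only through roles active in the session, not all assigned roles.
        return any(priv in self.role_privs[r] for r in self.sessions.get(user, set()))


def demo():
    """Constructed purchasing workflow; returns the outcome of each constrained operation."""
    rb = Rbac({"requester": {"create_order"}, "approver": {"approve_order"}, "payer": {"pay_order"}})
    rb.add_exclusion("approver", "payer", "static")       # nobody may ever hold both
    rb.add_exclusion("requester", "approver", "dynamic")  # may hold both, never in one session
    out = {"alice_approver": rb.assign("alice", "approver")}
    out["alice_payer"] = rb.assign("alice", "payer")                  # False: static exclusion
    out["bob_both_assigned"] = rb.assign("bob", "requester") and rb.assign("bob", "approver")
    rb.activate("bob", "requester")
    out["bob_approve_same_session"] = rb.activate("bob", "approver")  # False: dynamic exclusion
    out["bob_can_approve"] = rb.can("bob", "approve_order")           # False: approver not active
    rb.sessions["bob"].discard("requester")                           # requester activation ends
    out["bob_approve_new_session"] = rb.activate("bob", "approver")   # True
    return out
```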