【作者】 李金双；

【导师】 常桂然；

【作者基本信息】 东北大学 ， 计算机系统结构， 2009， 博士

【摘要】 访问控制是信息安全技术的重要组成部分,经历了多个发展阶段,当前访问控制的研究重点和热点是基于角色的访问控制(RBAC)。RBAC通过引入角色的概念实现了用户和权限的逻辑分离,近年来,RBAC模型因为可以更有效地实施组织的安全策略而得到了广泛的认可,在2004年正式成为ANSI标准。RBAC模型的一个基本目标是提供一个有效的并且精确的方法来管理访问控制数据。标准的RBAC模型是一个策略无关的模型,在具体采用RBAC模型进行访问控制管理时,必须对模型中的各种要素加以扩展,对模型的某些方面重新描述,以适应具体应用的管理需要,业界对此进行了广泛的研究。而随着模型的重新描述,原有RBAC模型的一些显著特点也在新模型中明显降低,使得新扩展模型的应用不具有普遍性。因此,在不影响RBAC模型灵活性、策略无关性的基础上,对模型元素提供更细致的描述扩展,无疑有利于在实际的访问控制应用中采用RBAC模型。在采用RBAC策略进行访问控制描述时会涉及到大量的用户、角色、权限、约束等基础数据。而随着访问控制处理的精细化,访问控制管理信息描述的粒度有越来越小的趋势,随之而来的则是访问控制信息的迅速膨胀。如何更好地解决RBAC的管理问题日益成为访问控制研究的新热点。委托表示系统中某个处于活动状态的实体将自己的权力转授给其他活动实体,使被授予的实体可以代表授予实体执行相应的权力,目前研究的重点是基于角色的用户-用户委托。委托增加了访问控制中授权的灵活性,但同时对企业或组织的访问控制策略的维护提出了新的挑战。针对上述三方面的问题,本文在不改变RBAC模型现有优点的前提下,给出了一个体现RBAC模型原有设计思想的统一解决方案。本文所完成的主要工作如下：(1)基于委托是个体行为这一观点,剔除委托研究中的少量具有企业管理特征的行为,提出支持用户委托的RBAC模型——D-RBAC。模型的本质是在RBAC模型的基础上,增加一个委托支持模块,从而提供了用户-用户委托支持的扩展。模型本身具有策略无关、设计简单、适用面广的特点,支持现有研究中所有反映委托个体行为特征的委托操作。另外,模型还提供了管理员干预的支持,在尽量减少管理员管理工作的前提下,给出了有效的解决方案,使得管理员能够规范委托人的行为,从而达到既允许用户委托,又不破坏企业或组织的访问控制策略。(2)提出了一个既适用于分布式管理又适用于集中式管理的全新管理角色层级划分方式——管理域的概念。管理域不但保留了RBAC的层级特征,而且有效地约束了管理员的权限,还很好地解决了管理员角色层级与系统角色层级之间的既有区别又有联系的关系。(3)在管理域概念的支持下,提出了管理域支持的RBAC管理模型——D-ARBAC。模型避免了现有RBAC管理模型中的多步授权、访问信息存储冗余、进行分布式管理时管理员职责易于改变等问题。D-ARBAC模型能更好地完成RBAC管理工作,对管理员和常规用户之间的关系做出了规范,控制并拆分了管理员的权限,在系统管理方面为RBAC模型增加了安全性控制,并且与RBAC的实现方式无关,可以管理任何级别的RBAC模型及其扩展模型。(4)提出了属性增强描述的RBAC模型,对RBAC的核心概念中的用户、角色、权限采用统一的属性进行描述,在不改变原有RBAC模型优点的同时,方便了模型的管理和实现,并有利于RBAC在不同环境下的应用。(5)给出了属性及属性约束表达式的基于BNF规范的定义,属性支持数字、字符串、日期、时间等多种简单数据类型,还支持集合和区间这样的数据集定义,并定义了属性的可比性,以及属性之间的比较方式。(6)给出了上述模型的一种实现样例。由于XML多用于对各种类型数据的表达,具有很好的开放性和通用性,标准化程度高,具有较强的描述性,论文中给出了用XML作为访问控制数据描述语言的一种实现,同时,也将XML作为委托模型和管理模型中扩展部分的描述语言。(7)给出了采用D-ARBAC模型管理的属性描述增强的RBAC模型的实际应用实例,并在用户委托上采用D-RBAC委托模型。验证了采用D-ARBAC模型管理RBAC,以及采用D-RBAC委托模型的可行性、方便性和必要性。以上的研究工作,对于完整地实现和管理RBAC给出了一个实现简单、功能强大、安全可靠地解决方案,对建立一个完整的RBAC解决方案架构进行了有益的探索。更多还原

【Abstract】 The development of access control, which is an important information security technology, can be divided into many phases. In recent years, many researches are focused on role-based access control (RBAC). The concept of role is brought in to achieve the logical separation of the user from permission. RBAC has been generally recognized because it can more effectively implement the security policies. It became the ANSI standard in 2004.One basic aim of the RBAC model is to provide an effective and precise way of managing access control data. The normal RBAC model is not dependent on policies. But in the specific access control administration by adopting RBAC model, it is necessary to extend its various factors and re-describe some aspects of the model in order to meet the administrative demands in its specific application. Plenty of research has been conducted. However, some remarkable virtues of the normal RBAC model becomes greatly unnoticeable in the new models. As a result, the new extended models have lost the universality. Therefore, it is essential to provide more scrupulous description of the RBAC model’s factors without changing its flexibility and independence of policies. Undoubtedly this is also helpful to its application to the actual access control.Large numbers of users, roles, permissions, and constraints are invovled in access control by adopting RBAC policy. With the refinement of access control administration, the descriptive granularity of access control administrative information has a tendency to become smaller. Consequently, the access control information rapidly explodes. How to better solve the RBAC administrative problems has become a new research hot spot in the area of access control.Delegation is an important security policy that RBAC should support. Delegation means that an active entity in a system can delegate its privileges to other active entities, who are enabled to perform these privileges on behalf of the delegating entity. The role-based user-to-user delegation has gained the widest research. Delegation enhances the flexibility of permission in access control and poses some new challenges to the maintenance of access control policies. Without changing the present virtues of RBAC model, this dissertation provides an overall solution that embodies its original design ideas. The main contributions of this dissertation are as follows.(1) Based on the viewpoint that the delegation is a personal behavior, the dissertation proposes an improved D-RBAC (Delegation-supported RBAC) model. It adds a delegation-supported module to the RBAC model and accordingly provides a user-to-user delegation-supported extension. It is a policy-independent, simply designed and extensively applicable delegation model. It supports all personal delegation behaviors under the recent research. Furthermore, it supports administrator intervention, reducing his work as much as possible and enabling the administrator to regulate the delegators’behavior without violating the access control policies of an enterprise or an organization.(2) The dissertation proposes the concept of administrative domain which applies not only to centralized administration but also distributed administration. Administrative domain retains the stratified attribute of RBAC and effectively constrains the administrator’s authority. It also resolves the problem that the administrator role and regular role are different but related.(3) Based on the concept of the administrative domain, the dissertation proposes a D-ARBAC (Domain supported administration of RBAC) model. These problems are avoided: Multi-step user/permission assignments, the information of access control are redundant, and the permission of the administrator is unstable. D-ARBAC model can better fulfill the task of RBAC, regulate the relationship between the administrator and regular users, control and distribute administrator’s permission. D-ARBAC model strengthens security control in the administration of the system, which has nothing to do with RBAC’s realization manners and can administrate RBAC model and its extended models on any levels.(4) The dissertation proposes an attribute supported RBAC model. The user, role and permission are described by using uniform enterprise or organizational attributes. It helps implement RBAC in a simple and universal way, and thus facilitates the administration and applications of RBAC on different platforms.(5) The dissertation elaborates the definitions of attribute and constraint expression under the BNF criterion. The attribute value supports various data types, including number, date, time, string, set and range. And it defines comparability and comparison methods among attributes. (6) The dissertation proposes a method for implementing a RBAC system, including RBAC model, RBAC delegation and RBAC administration. XML is used in the method because it has some virtues, such as openness, universality, standardization and portability, etc. The dissertation provides an access control realization by using XML as data description language in the delegation model and administration model.(7) The dissertation presents an example of the strengthened RBAC system. It supports user-to-user delegation and is managed with the D-ARBAC model. It is verified that these models are feasible, convenient and essential.The above research work is a helpful exploration of a complete RBAC solution. A simple, powerful, and secure solution is worked out.更多还原