
Research on Access Control Technology Based on EUCON

The Research of Access Control Model Based on EUCON

【Author】 蔡伟鸿

【Supervisor】 韦岗

【Author Information】 South China University of Technology, Communication and Information Systems, 2012, PhD

【Abstract (Chinese)】 With the development of network technology and the ever-increasing number of Internet applications, the problem of how to prevent network resources from being used and accessed illegally has become increasingly important. In recent years, research on access control has become a hot topic in computer science. Although traditional attribute-based access control has many applications in digital information systems, the existing authorization models can no longer meet the needs of systems such as copyright protection well. Their limitations are mainly: 1) the permission model starts from the system's point of view and protects resources with a passive security model based on the subject-object view; 2) the authorization model is static, so the subject already holds permissions before a task is executed, which cannot solve the problem of illegal use of digital resources in dynamic distributed systems. To address these shortcomings of existing access control models, this thesis proposes a new dynamic permission authorization model based on attribute-RBAC and a usage control model with delegation, namely Extended Usage Control (EUCON). On the basis of the EUCON framework model, a dynamic logical description model of EUCON is established using interval temporal logic (Interval Temporal Logic, ITL). To allow the EUCON delegation mechanism to support more flexible fine-grained delegation, this thesis proposes a new fine-grained RBAC delegation model based on a mapping mechanism (Fine-Grained Role Delegation Model Based on Permission Mapping Mechanism, RDBMPM). Roles are a component of the EUCON model, and solving the problems of permission management based on role hierarchies lays the foundation for permission management in EUCON. Since in large distributed application systems the role hierarchy can no longer reflect the organizational structure of roles well, this thesis re-analyzes the relationship between roles and their permission types, introduces the concept of the atom role, and proposes an authorization model based on atom roles (Atom-Role-Based Access Control, ATRBAC), which greatly increases the flexibility and security of the EUCON permission management system. The EUCON model inherits the advantages of the UCON model and extends and refines UCON in the areas of attributes, roles and delegation, which allows EUCON to provide more flexible access control. Finally, this thesis gives an application example of the EUCON model: a digital rights management protection system based on EUCON, EUDRMPS (Extended Usage Control for DRM Protection System), which demonstrates the practical value of the model.

【Abstract】 With the development of network technology and the growing number of Internet applications, the issue of how to protect network resources from unauthorized use and access has become increasingly important. In recent years, research on access control has become a hot field in computer science. Although traditional attribute-based access controls have been widely used in digital information systems, the original authorization models cannot meet some system requirements well, such as copyright protection. Their main faults are as follows: firstly, most of these models are based on the subject-object view and use passive strategies to protect resources from the point of view of the system; secondly, the authorization models are static, so subjects hold privileges before tasks are executed, which cannot solve the problem of illegal use of digital resources in dynamic, distributed systems. Against the deficiencies of existing access control models, this paper proposes a model called EUCON: a usage control model based on attribute-RBAC with a delegation character. Then, in order to formally describe the EUCON core model, an EUCON logic model based on Interval Temporal Logic (ITL) is proposed. Thirdly, for the purpose of ensuring that the EUCON model supports fine-grained delegation, this paper proposes the RDBMPM model: a fine-grained role delegation model based on a permission mapping mechanism. Roles, as a part of the EUCON model, can solve the problem of rights management based on role hierarchy well and lay the foundation for the model's rights management. Role hierarchies cannot reflect the organizational structure of roles well in large-scale distributed application environments. Against the above fault, this paper, by studying the role relationships and their transformation method, proposes the concept of the atom role and constructs a new atom-role-based access control model, called ATRBAC, which enhances the flexibility and security of the EUCON model (or rights management system). The EUCON model, which can provide more flexible access control, inherits the advantages of the UCON model and expands it in the aspects of attribute, role and delegation, etc. Lastly, this paper gives an application case of the EUCON model: extended usage control for a DRM protection system (called EUDRMPS), which reflects the model's utility value.
