Research on Access Control Based on Usage Control in Collaborative Computing Environments

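【Author】 Cui Yongquan (崔永泉)

【Advisor】 Hong Fan (洪帆)

【Author information】 Huazhong University of Science and Technology, Computer Software and Theory, 2007, PhD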

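【Chinese abstract】 Collaborative computing combines the computing, data, software and other resources and systems brought together by the network in order to achieve resource sharing, cooperative work and joint computation, and provides users with a range of integrated network-based services. In such an open collaborative environment, system security faces severe challenges, and access control is one of the key problems. Traditional access control was developed against the background of centralized environments and is difficult to apply to collaborative environments. Current research concentrates on extensions of role-based access control, trust management and context information, and has made very important progress, but many problems remain to be solved. In-depth study of several key technologies therefore has both theoretical significance and practical value.

Taking a distributed medical information system as an example, and addressing the need to protect privacy-sensitive information, an administrative model based on usage control can solve the problems of parallel control, series control and usage control among multiple kinds of subjects, and provides a good framework for integrated control and management that coordinates the intricate relationships among multiple subjects in distributed modern information systems. The privacy protection problem is studied comprehensively, from top to bottom, at four levels: security objectives, security model, architecture and related security mechanisms. This layered approach helps to provide an effective overall security solution to the multi-subject, multi-directional access control problem.

The heterogeneous, dynamic and locally autonomous nature of multi-domain environments poses new challenges for research on secure-interoperation access control. A great deal of recent work on multi-domain secure-interoperation access control assumes role-based access control within each single domain and implements access control by mapping foreign-domain roles to local roles, and lacks systematic uniformity in managing foreign and local roles. The administrative usage control model for multi-domain secure interoperation, through the definition of the obligation component, manages user-role assignment for foreign and local users in a unified way and remedies the security flaws of the original model. The model provides enough flexibility to distinguish foreign-domain users from local users, so that stricter control can be enforced on foreign-domain users, while retaining the advantages of the traditional RBAC model. A prototype system was designed and implemented, providing preliminary validation of the model's effectiveness.

The heterogeneity of the many nodes in a grid environment, its complex interoperation and coordination mechanisms, and its dynamically changing nature mean that it needs a flexible, easily extensible and fine-grained authorization mechanism. Most existing models authorize on the basis of the subject's identity, group and role information under relatively static assumptions, and lack concrete context information and flexible security policies. The dynamic access control model for grid environments based on usage control and context covers both traditional static authorization and dynamic control of a subject's permissions according to context information. The model has strong expressive power, can enforce multiple integrated, complex and changing security policies, suits the grid environment's need to combine many complex access control policies, and provides the grid environment with a reusable, interoperable and general access control framework. A prototype system was implemented to verify the model's efficiency and ease of implementation.

Pervasive computing is the seamless fusion of the physical world and information space; the physical location of users and devices in the environment, and context information, are tightly coupled with computing services. Traditional security mechanisms cannot solve the dynamic and entirely new security problems of pervasive computing. The context-based usage control model for pervasive computing environments uses trust negotiation to solve the security authentication problem and extends the basic usage control model: it can not only manage authorization according to the subject's static security attributes, but also analyses and uses context information comprehensively in the conditions component, and can dynamically adjust the subject's permissions to access services.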

【Abstract】 To implement resource sharing and cooperative work, collaborative computing gathers all kinds of computing, data and software resources and systems and provides integrated services to users over the network. System security faces severe challenges in open, collaborative environments, and access control is a key factor. Traditional access control models were developed for centralized environments and are difficult to apply to open, collaborative environments. Some research has been done based on trust management (TM), extensions of role-based access control and context-aware technologies. Unfortunately, many challenging problems remain. This thesis therefore investigates some key technologies of access control in open, collaborative environments.

In today's dynamic distributed digital environment, traditional one-way control no longer provides adequate trustworthiness. Based on the usage control model, a comprehensive access control model called the Administrative Usage Control model (AUCON) is proposed, which resolves the access control problem for Parallel Control, Series Control and Usage Control. It provides a formal model that can control the provider subject's issuing of tickets to the consumer subject and monitor the consumer's access to privacy-sensitive objects. The architecture section presents formal structural ways in which appropriate mechanisms can be implemented to achieve predefined security objectives. The problem is described in detail from security objectives and security model to architecture and mechanisms, and this layered approach provides a complete, effective security solution to the privacy protection problem.

The heterogeneous, dynamic and locally self-governing nature of multi-domain environments introduces challenging security issues. Despite recent advances in access control approaches applicable to secure interoperability between multiple domains, issues remain: these approaches perform role-based access control within one domain and implement secure interoperability by translating foreign-domain roles to local roles. Among the issues is the lack of uniform administration of foreign-domain and local-domain roles. An access control scheme named Administrative Usage Control (AUCON) is proposed, which corrects the security shortcoming of the previous model and administers user-role assignment for local and foreign domains with a unified method. The model provides a mechanism flexible enough to distinguish foreign-domain users from local users and enforces stricter control on foreign users, while retaining the advantages of the traditional RBAC model.

Due to its inherent heterogeneity, complicated interoperability mechanisms and highly dynamic nature, the grid environment requires a scalable, flexible and fine-grained access control mechanism. Although recent advances in access control for grid applications do address important aspects of overall authorization, these efforts focus on pre-defined access control policies in which authorization depends on the identity or role of the subject. They lack flexible approaches for adapting to dynamic security requirements. Based on the usage control model, a dynamic access control model named the Dynamic Context_aware Grid Usage Control model (DC_GUCON) is proposed. In this model, the authorization component evaluates access requests based on subject attributes, object attributes and requests, while the conditions component dynamically grants and adapts permissions to the subject based on a set of contextual information collected from the user and system environments. As a proof of concept, a prototype system based on this architecture was developed and implemented to demonstrate the feasibility and performance of the model.

Pervasive computing is the integration of cyberspace and physical space. In this integrated space, users can obtain digital services non-intrusively anytime and anywhere. However, the ubiquitous and mobile environment introduces new security challenges, and traditional security mechanisms are not suited to the problems that occur in pervasive computing environments. An access control model named the Pervasive computing Context_aware Usage Control model (PC_UCON) is proposed, which extends the usage control model and resolves authentication with automated trust negotiation technologies. In this model, the authorization component implements authorization management based on static security attributes and requests, while the conditions component dynamically grants and adapts permissions to the subject based on a set of contextual information.
