èŠ‚ç‚¹æ–‡çŒ®

è®¿é—®æŽ§åˆ¶æŠ€æœ¯ä¸Žæ¨¡åž‹ç ”ç©¶

The Research of Accesss Control Techniques and Methods

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ ç½—é‘«ï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ åŒ—äº¬é‚®ç”µå¤§å¦ ï¼Œ å¯†ç å¦ï¼Œ 2009ï¼Œ åšå£«

ã€æ‘˜è¦ã€‘ éšç€ç½‘ç»œæŠ€æœ¯çš„å‘å±•å’Œç½‘ä¸Šç”µåå•†åŠ¡åº”ç”¨çš„å¢žåŠ ,ä¿¡æ¯å®‰å…¨é—®é¢˜æ—¥ç›Šå‡¸çŽ°,å½“ä»Šä¿¡æ¯å®‰å…¨æŠ€æœ¯ä¸»è¦åŒ…æ‹¬å¯†ç æŠ€æœ¯ã€èº«ä»½è®¤è¯ã€è®¿é—®æŽ§åˆ¶ã€å…¥ä¾µæ£€æµ‹ã€é£Žé™©åˆ†æžä¸Žè¯„ä¼°ç‰è¯¸å¤šæ–¹é¢ã€‚è®¿é—®æŽ§åˆ¶æ˜¯ä¸€ä¸ªå®‰å…¨ä¿¡æ¯ç³»ç»Ÿä¸‹ä¸å¯æˆ–ç¼ºçš„å®‰å…¨æŽªæ–½ã€‚è®¿é—®æŽ§åˆ¶å°±æ˜¯é€šè¿‡æŸç§é€”å¾„æŽˆæƒæˆ–é™åˆ¶å¯¹å…³é”®èµ„æºçš„è®¿é—®,é˜²æ¢éžæ³•ç”¨æˆ·çš„ä¾µå…¥æˆ–åˆæ³•ç”¨æˆ·çš„ä¸æ…Žæ“ä½œæ‰€é€ æˆçš„ç ´åã€‚è®ºæ–‡çš„ä¸»è¦å·¥ä½œä¸º:1.åœ¨å¯¹å¤šç§æ¨¡åž‹ç ”ç©¶çš„åŸºç¡€ä¸Š,ç»“åˆå·²æœ‰çš„æ¨¡åž‹çš„ä¼˜ç‚¹,é’ˆå¯¹å…¶å±€é™æ€§è¿›è¡Œäº†ä¸€äº›å…ƒç´ çš„å¼•å…¥å’Œæ‰©å……,è®¨è®ºæ‰©å±•äº†ç”¨é¢å‘å¯¹è±¡æ–¹å¼æè¿°çš„è®¿é—®æŽ§åˆ¶æ¨¡åž‹ã€‚2.è®¨è®ºäº†å¤šåŸŸçš„çŽ¯å¢ƒä¸‹RBACæ¨¡åž‹çš„åº”ç”¨,å¹¶å¯¹å…¶åº”ç”¨ä¸äº§ç”Ÿçš„å†²çªè¿›è¡Œäº†å®šä¹‰å’Œåˆ†ç±»,åŒæ—¶ç»™å‡ºäº†å†²çªçš„æ£€æµ‹ç®—æ³•ã€‚3.é’ˆå¯¹ç”¨æˆ·è¡Œä¸ºæ¨¡åž‹,åˆ†æžäº†ç–ç•¥å’Œè¡Œä¸ºçš„å…³ç³»,å°†è®¿é—®æŽ§åˆ¶ç³»ç»Ÿä¸çš„ç”¨æˆ·è¡Œä¸ºå’Œç®¡ç†è¡Œä¸ºåˆ†ç¦»ã€‚å°†è¿™ä¸¤ç§è¡Œä¸ºç½®äºŽåŒä¸€æ¨¡å¼çš„ç–ç•¥ç»„ç»‡ä¹‹ä¸‹ã€‚4.ç»™å‡ºäº†æ‰©å±•ç”¨æˆ·è¡Œä¸ºæ¨¡åž‹çš„å»ºè®®è§„åˆ™,å¹¶æ ¹æ®å»ºè®®è§„åˆ™çš„å†…å®¹,è®¨è®ºè¯æ˜Žäº†ç³»ç»Ÿå…³äºŽç–ç•¥çš„ä¸€è‡´æ€§ã€æ£ç¡®æ€§åŠå®Œå¤‡æ€§ã€‚5.ç»“åˆUCONæ¨¡åž‹åŠä¿¡ä»»ç®¡ç†å„è‡ªçš„ä¼˜åŠ¿,é’ˆå¯¹å§”æ´¾å…³ç³»,æè¿°äº†åŸºäºŽç”¨æˆ·è¡Œä¸ºåŠä¿¡ä»»åº¦çš„ä¿¡ä»»ç®¡ç†(UTCDM-controllabledelegation model based on usage and trustworthiness),è¯¥æ¡†æž¶å®žçŽ°äº†å˜å–è®¿é—®æŽ§åˆ¶ä¸å®¢ä½“ã€æ“ä½œçº§åˆ«çš„å¤šåŸŸçš„çŽ¯å¢ƒä¸‹çš„å§”æ‰˜å…³ç³»æè¿°,é€šè¿‡å¯¹å®¢ä½“åŠæ“ä½œçº§åˆ«çš„ä¿¡ä»»åº¦é˜ˆå€¼è¡°å‡è®¡ç®—å¯¹ä¼ æ’æ·±åº¦å¹¿åº¦è¿›è¡ŒæŽ§åˆ¶,å¹¶ç»™å‡ºäº†åŒ…å«ä¿¡ä»»å…³ç³»å…¨éƒ¨è¦ç´ çš„ä¿¡ä»»å›¾çš„æž„é€ æ–¹å¼ã€‚ä»‹ç»äº†åŸºäºŽå§”æ‰˜å†…å®¹ç”¨æˆ·è¡Œä¸ºçš„ä¿¡ä»»é“¾æŸ¥æ‰¾,ç»™å‡ºäº†åœ¨æ¤åŸºç¡€ä¸Šçš„ä¿¡ä»»å›¾çš„æŸ¥æ‰¾å‘çŽ°ç®—æ³•ã€‚6.åœ¨å¼€æ”¾ç½‘ç»œçŽ¯å¢ƒä¸,è¿ç”¨ç”¨æˆ·è¡Œä¸ºåŠæ¨¡ç³Šç†è®ºå¯¹ä¿¡ä»»æ¡†æž¶è¿›è¡Œäº†å»ºæ¨¡ã€‚ç»™å‡ºäº†ä¿¡ä»»çš„å®šä¹‰å’Œä¿¡ä»»çš„è®¡ç®—æœºåˆ¶åŠç›¸å…³ç®—æ³•ã€‚æå‡ºçš„ä¿¡ä»»çš„æŽ¨å¯¼ç®—æ³•å…·æœ‰å¾ˆå¥½çš„å¯¹æ¶æ„èŠ‚ç‚¹çš„å±è”½èƒ½åŠ›,å¼•å…¥äº²ç–ç³»æ•°çš„æ¦‚å¿µ,åŒæ—¶è§£å†³äº†æ¶æ„èŠ‚ç‚¹çš„å®šä¹‰æ–¹å¼ä»¥åŠä¿¡ä»»ç½‘ç»œåˆšå»ºç«‹æ—¶,å„èŠ‚ç‚¹ä¿¡ä»»åº¦åˆå§‹åŒ–çš„é—®é¢˜ã€‚7.æ‰©å±•äº†äº‘æ¨¡åž‹å¯¹ä¿¡ä»»çš„å½¢å¼åŒ–å®šä¹‰ã€‚è®¨è®ºäº†äº‘æ¨¡åž‹å„å‚æ•°å¯¹ä¿¡ä»»åº¦è®¡ç®—çš„å½±å“ã€‚é€šè¿‡å¼•å…¥æ—¶é—´è¡°å‡ç³»æ•°åŠè¡Œä¸ºå½±å“ç³»æ•°,è¾ƒå¥½åœ°è§£å†³äº†ä¿¡ä»»çš„æ¨¡ç³Šæ€§éšæ—¶é—´åŠè¡Œä¸ºå˜åŒ–çš„åŠ¨æ€æ€§çš„ç‰¹ç‚¹ã€‚æœ¬æ–‡ä»Žå¯¹è±¡åŒ–è®¿é—®æŽ§åˆ¶æ¨¡åž‹,åŸºäºŽç”¨æˆ·è¡Œä¸ºæ¨¡åž‹çš„ç–ç•¥ç ”ç©¶,å¼€æ”¾ç½‘ç»œçŽ¯å¢ƒä¸‹çš„ä¿¡ä»»ç®¡ç†æ¨¡åž‹å‡ ä¸ªè§’åº¦,å¤šæ–¹ä½åœ°å¯¹è®¿é—®æŽ§åˆ¶ç†è®ºå’Œæ–¹æ³•è¿›è¡Œäº†è¾ƒä¸ºæ·±å…¥çš„ç ”ç©¶ã€‚æ–‡ä¸æå‡ºçš„è®¿é—®æŽ§åˆ¶æ¨¡åž‹é’ˆå¯¹åŽŸæœ‰æ¨¡åž‹çš„é—®é¢˜,æå‡ºäº†æœ‰ç›Šçš„æ”¹è¿›,éƒ¨åˆ†æˆæžœåº”ç”¨åœ¨å®žé™…çš„ç³»ç»Ÿå»ºè®¾ä¸,æé«˜äº†è®¿é—®æŽ§åˆ¶ç³»ç»Ÿçš„æ•ˆçŽ‡,å‡å°‘äº†ç®¡ç†äººå‘˜çš„å·¥ä½œé‡ã€‚å¯¹äºŽå…¶ä»–ç±»ä¼¼ç³»ç»Ÿçš„å»ºè®¾ä¹Ÿå…·æœ‰ä¸€å®šçš„æŒ‡å¯¼æ„ä¹‰ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ Due to the popularity of the Internet and electronic commerce information security becomes more and more important. Generally speaking, information security includes intrusion detection, encryption, authentication, access control and auditing.Access control is the indispensable measure in a safety information system. Access control is the way to allow or restrict the access to resources. By using access control system the damage caused by the invalid login or the miss-operation can be avoided.The major contents in the paper are listed as follows:1. Analyze the shortcomings of the existed access control models, discuss the safety and the flexible, research the attributed-based model, the access control model is described by object-oriented technique.2. Discuss the application of RBAC model in multi-environment, group the violation of the application into the different clusters and definitions. Present the method how to solve the problem about conflict. 3. Present a new model based on the usage control model. The new extended model which is based on the formalization of the authorization, study class and application of the strategy, separate the administration from the usage.4. Present the suggestion rules of the extended usage control model. Based on the content of the rules, the coherence, correctness and the maturity can be proved easily.5. A controllable delegation model based on usage and trustworthiness (UTCDM) which is suitable for open environment is presented. An approach for controlling the depth of delegation focusing on the objects and the rights is discussed. The method of direct authorization for relationship of delegation is provided.6. In open network, the usage and fuzzy set theory have been used to model the issues of trust management. The definition of trust class and the algorithm of trust-computing are discussed. By presenting the affinities coefficient, the derivation algorithm of trust has a good ability of shielding on malicious nodes.7. The cloud model is extended to define the trust model information and the parameters are discussed in detail. By proving the time decay coefficient and usage effecting coefficient, the fuzziness and dynamic variation characters are considered and resolved.This paper discusses the object-oriented access control model; research the model which is based on usage control and the trust management in the open network. These models which are presented by this paper solve and improve the original model. The characteristics of the new models include flexibility, power expression ability, and strong usability.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ è®¿é—®æŽ§åˆ¶ï¼› é¢å‘å¯¹è±¡å»ºæ¨¡ï¼› ç”¨æˆ·è¡Œä¸ºï¼› ä¿¡ä»»ï¼› å‡è¯å›¾ï¼›
ã€Key wordsã€‘ access controlï¼› object orientedï¼› usage trustï¼› credential graphï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ åŒ—äº¬é‚®ç”µå¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘18
ã€ä¸‹è½½é¢‘æ¬¡ã€‘955
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®