The Research in Role-Based Constraint with Spatial Characteristics

【Author】 Tang Zhu (汤铸)

【Advisor】 Ju Shiguang (鞠时光)

【Author information】 Jiangsu University, Computer Application Technology, 2008, Master's degree

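【Chinese abstract】 Spatial databases and information services based on the location of mobile users are being used ever more widely, and they place special requirements on the access control model: a change in a user's geographic location usually causes a dynamic change in the user's permissions. Spatial information is therefore a key contextual parameter in the access control model. However, traditional access control models (such as mandatory access control, discretionary access control and role-based access control) are typically not context-sensitive, and they require a complex yet static authentication infrastructure. They therefore cannot meet the access control requirements of spatial databases. To meet these requirements, an access control model that supports spatial capabilities is needed. In location-aware applications users are often grouped into different categories, so the role-based access control (RBAC) model is a reasonable choice. In a spatial environment, the exercise of the permissions held by a role is restricted by the role's scope. A user can be granted permission to operate on an object only when the user's current spatial position lies within the spatial extent of the role the user is playing. When making access control decisions, the system must grant or revoke permissions according to the spatial positions of the object and the user. When the existing RBAC model is applied to access control for spatial data, it must be improved by adding support for the security characteristics of spatial data, so as to accommodate the mapping between a user's permissions and the user's spatial position in a spatial database. Using the spatial database management system PostgreSQL (hereafter PG) as the platform, this thesis studies the properties of Spatial-RBAC (Spatial Role-Based Access Control), a role-based access control model that supports spatial characteristics, in order to strengthen the RBAC model's ability to describe spatial characteristics, enrich and improve spatial database security theory, and lay a theoretical foundation for building a tighter information security protection system for information-sensitive sectors such as the military, banking and securities. The specific research content includes:

(1) Based on requirements on the constraint set such as satisfiability, absence of mutual exclusion and absence of redundancy, spatial region constraints, spatial separation of duty constraints and spatial role activation cardinality constraints are defined for the spatial environment, and a formal description of each kind of constraint is given.

(2) The enforcement strategy for spatial separation of duty constraints is studied in detail; using minimal mutually exclusive spatial role constraints as the enforcement mechanism effectively avoids redundant constraints and enforces spatial separation of duty constraints precisely.

(3) A concrete spatial constraint base is built from mutually exclusive user sets, mutually exclusive role sets and mutually exclusive permission sets.

(4) The triggering mechanism for spatial constraints is studied: when a user establishes a session within a spatial region, if a constraint related to that session exists, the system automatically triggers the constraint and controls the running of the session. If no constraint related to the session exists, the session runs until it ends or until another session terminates it. In this way a precise, general Spatial-RBAC model with strong spatial descriptive power is finally established.

(5) The design of PG is described from the perspective of access control policy, and a database access control system scheme based on spatial roles is proposed. The scheme embeds the Spatial-RBAC model into the access agent program on the PG server side; the whole system consists of two subsystems, authorization management and access agent, and strengthens PG's access control capability.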

【Abstract】 Securing access to data in location-based services and mobile applications poses interesting security requirements for spatially aware access control systems. In particular, the permissions assigned to users depend on their physical positions in a reference space. However, traditional access control models do not specify these spatial requirements. To deal with the requirements listed above, an access control model with spatial capabilities is needed. Since in location-aware applications users are often grouped in distinct categories, RBAC models represent a reasonable choice. In a spatial environment, the permissions assigned to users depend on their position in a reference space; users often belong to well-defined categories; objects to which permissions must be granted are located in that space; and access control policies must grant permissions based on object locations and user positions. It is necessary to study RBAC further. In this paper, we extend the existing RBAC model and propose the Spatial-RBAC model, which utilizes spatial and location-based information in security policy definitions. Based on PostgreSQL, we extend the existing RBAC model and propose the Spatial-RBAC model, which utilizes spatial and location-based information in security policy definitions, in order to strengthen the capability of RBAC to express security with spatial characteristics, improve the theory of secure DBMSs, and provide the theory for building stricter systems for the banking, bond and military sectors. Our contributions in this paper are as follows.

(1) According to an analysis of the location feature of a spatial object, and combining the necessity of spatial constraints and the non-conflict condition of spatial constraints with the satisfiability of spatial constraint sets and the relevance between the different classes of constraints, the constraints with spatial characteristics are divided into three classes: constraints on spatial region, spatial separation of duty constraints, and constraints on the cardinality of spatial role activation. We also formalize all the constraints with spatial characteristics.

(2) There are often multiple Mutually Exclusive Spatial Roles (MESR) constraints that can enforce the same Spatial Separation of Duty (SSoD) policy. Although the different MESR constraints can have the same effect on the same session, we have found that they vary greatly in enforcement efficiency. The more precisely the MESR sets are defined for enforcing an SSoD policy, the less overhead the system incurs. In this paper, we argue that SSoD policies should be enforced by specifying minimal MESR constraints. By comparing the different MESR constraints that can enforce the same SSoD policy, we conclude that minimal MESR constraints effectively avoid redundant restrictiveness and enforce the SSoD policy precisely. We also present an algorithm that generates all minimal MESR constraints that are precise for enforcing one SSoD policy.

(3) According to the conflict sets of users, roles and permissions, a constraint base is constructed.

(4) When a session is established in a spatial region by a user, the constraints related to this session are triggered automatically and control the session throughout its lifetime. On-When-Then-Else (OWTE) authorization rules (or enhanced ECA rules) are used for enforcing RBAC with spatial characteristics. We show the mapping between the basic elements of RBAC with spatial characteristics and the OWTE rule specification. We establish OWTE rules as an enforcement mechanism for realizing role-based constraints with spatial characteristics at different granularities.

(5) We propose a system schema that performs database access control based on spatial roles for the spatial DBMS PostgreSQL. The schema embeds the access control function into an access agent program on the server to control users' access to database resources at a high degree of granularity. The system consists of the privilege management subsystem and the access agent subsystem, which improves the security of PostgreSQL.

  • 【Online publication contributor】 Jiangsu University
  • 【Online publication year and issue】 2009, Issue 10