Research on Access Control Modeling in Enterprise-Level Collaborative Environments
【Author】 Zhai Zhinian (翟治年)
【Supervisor】 Xi Jianqing (奚建清)
【Author information】 South China University of Technology, Computer Application Technology, 2012, PhD dissertation
【Abstract (translated from Chinese)】 Access control is one of the basic means of ensuring information security. It can be divided into two paradigms, active and passive: the former is oriented to business processes, the latter is system-centric. Because enterprise applications often have to satisfy complex and varied business/collaboration requirements and may involve large numbers of subjects and objects, their access control components should provide flexible, transparent security services and support scalable, maintainable security administration. This dissertation studies active and passive access control in enterprise environments from these two perspectives. The main work is as follows:
1. An organization-role based access control model is proposed. It uses organization-role associations carrying three additional attributes (entity, management and global) as the basis of authorization, and defines two relations between organization-roles, specialization and management, as its permission inheritance mechanism. This not only gives very strong scalability to authorization in distributed homogeneous organizations, but can also describe certain flexible authorization policies in hierarchical organizations. The model can further express fine-grained separation of duty (SoD) constraints and simplify the expression of similar constraints through generalized semantics. Comparison with related work on a B2B example demonstrates the model's advantages.
2. A task-state based access control model is proposed to overcome the problem that task-based access control is coarse-grained and too rigid, and may in turn interfere with business process modeling. A CPN (Colored Petri Net) simulation method is given for the model; it can express SoD among subjects and support multiple kinds of permissions defined on workflow application data, overcoming the limited expressiveness of existing simulation methods. The feasibility of the model's collaboration concept and its simulation method is verified on a custom-development workflow.
3. In existing workflow delegation models, time constraints are too rigid to adapt to changes in execution state. To address this, a delegation feature sensitive to a mixed time-and-state context is proposed, based on the linear sequence of task states. First, the syntax of a delegation request is given in terms of events and conditions; then the formal semantics of events and conditions is characterized through assignments and contexts, and a temporal consistency criterion for delegation requests is given. To process delegation requests inside the system, normal forms for events and conditions are given, and a set of related properties and theorems is proved, from which regularization, comparison and detection algorithms for events and conditions are derived. Finally, combining the preceding results and algorithms, the processing procedure for delegation validation and execution is established. A set of examples verifies the expressiveness of the delegation syntax and the feasibility of the internal processing mechanism. Compared with general-purpose event models, the delegation syntax here is oriented to specific requirements, concise and easy to use, and easier to popularize among end users. In addition, modeling events and conditions separately and strictly guaranteeing the instantaneity of events avoids the logic defects caused by improper application of detection semantics.
4. To solve the widespread and long-standing problem of repetitive authorization between tasks in active access control models, while retaining support for multi-role collaboration within a task, a task-role association based access control method is proposed. By examining the traditional role-task assignment relation in depth, the concept of function association and its specialization and management relations are defined; derivation rules for the two relations are given from the components and attributes of function associations, and authorizations are divided into business and management types according to inheritance over the two relations, thereby establishing an automatically configurable authorization inheritance structure. Fine-grained, generalizable SoD constraints are then defined. Comparison with related work on software development and paper review workflows shows that the model can effectively reduce repetitive authorization between tasks.
5. The three-step authorization mechanism based on task classification and role hierarchy integrates the active and passive access control paradigms, but repetitive authorization between tasks, conflicts of task inheritance along multiple role hierarchies and repetitive expression of task constraints seriously impair the scalability of the related models. An enhanced integrated active/passive access control model is therefore proposed. First, the classification of active/passive tasks is refined through an extensible subdivision of the role hierarchy, which flexibly simplifies several kinds of task assignment relations. Second, task-generalization based authorization inheritance and constraint coverage mechanisms are introduced, which effectively reduce repetitive authorizations and constraints between tasks. Third, a sound and complete set of semantic coverage rules provides a basis for automatic constraint simplification and similar operations. Finally, a multi-granularity permission activation mechanism and a redundancy detection algorithm for dynamic mutual exclusion are given to eliminate unnecessary access-check overhead and reduce the efficiency loss that scalability enhancement may bring. The authorization and constraint scalability of the model is verified on a software project example.
【Abstract】 Access control is one of the essential means of ensuring information security. It can be divided into two paradigms, active and passive: the former is business-oriented and the latter is system-centric. In enterprise applications, complex and varied business/collaboration requirements normally have to be met, and large-scale sets of subjects/objects might be involved. Therefore their access control components should provide not only flexible and transparent security services but also scalable and maintainable security administration. In this dissertation the enterprise-oriented active/passive access control issue is addressed from these two perspectives. The main work includes:
1. An organization-role association based access control model is proposed. Organization-role associations with the additional attributes of actuality, management and globality are used as the basis of authorization, and the specialization/management relations among organization-roles are defined as its permission inheritance mechanisms. Not only is outstanding authorization scalability provided in distributed homogeneous organizations, but some flexible authorization policies can also be represented in hierarchical organizations. Furthermore, fine-grained Separation of Duty (SoD) constraints can be represented, and the expression of similar constraints can be simplified through generalized semantics. The superiority of this model is validated by comparison with related work on a B2B example.
2. A task-state based access control model is proposed to overcome the defect that task-based access control is somewhat coarse-grained and inflexible, such that the modeling of business processes might in turn be interfered with. A Colored Petri Net (CPN) simulation method is presented for the model. The expressive power of existing simulation methods is enhanced: SoD among subjects can be represented, and at the same time multiple permissions defined on workflow application data can be supported. The feasibility of the model's collaboration concept and its simulation method is validated on a customized-development workflow.
3. In existing delegation models for workflow, time constraints are too fixed to adapt to the executing states. To address this issue, a delegation feature with mixed time-and-state context sensitivity is proposed on the basis of the linear sequence of task executing states. First, the syntax of a delegation request is described in terms of events and conditions. Next, the formal semantics of events and conditions is given with the concepts of assignment and context, and the temporal consistency of a delegation request is defined. To process delegation requests internally, the regular forms of events and conditions are defined, and some related properties and theorems are proved. Then the regularizing, comparing and detecting algorithms for events and conditions are given. Eventually, the processing flow for the validation and enactment of delegations is built. Using a group of examples, the expressive power of the delegation syntax and the feasibility of the internal processing mechanism are validated. Compared with general event models, the delegation syntax is much easier to use and popularize, since it is oriented to specific requirements. Moreover, the logic defects caused by inappropriate application of the detection semantics are avoided, because events and conditions are modeled separately and the instantaneity of events is ensured.
4. A task-role association based access control approach is proposed to address the widespread and long-standing issue of repetitive authorizations among tasks in active access control models, and at the same time to support the collaboration of multiple roles within a task. The definition of function association, with its specialization and management relations, is given by deeply analyzing the traditional role-task assignment relation. Inference rules for the two relations on function associations are obtained from the components and attributes of function associations, and authorizations are then divided into the two types of business and management, based on inheritance along the two relations. Thus auto-configurable authorization structures are established. Furthermore, fine-grained and generalizable SoD constraints are defined. Comparisons with related work on the workflows of software development and paper review show that repetitive authorizations among tasks can be effectively reduced.
5. The three-step authorization based on task classification and role hierarchy integrates the two access control paradigms, active and passive. But the scalability of the related models is degraded remarkably by repetitive authorizations between tasks, conflicts between task inheritances along multiple role hierarchies, and repetitive expressions of task constraints. Therefore an enhanced active/passive integrated access control model is proposed in this dissertation. First, the classification of active/passive tasks is refined through an extendable subdivision of the role hierarchy, so that many kinds of task assignments can be simplified optionally. Secondly, task-generalization based authorization inheritance and constraint coverage mechanisms are introduced, so that repetitive authorizations and constraints can be effectively reduced. Thirdly, a group of sound and complete semantic coverage rules is presented, which provides grounds for automatic constraint simplification, etc. Finally, a multiple-granularity permission activation mechanism and a dynamic-exclusion redundancy detecting algorithm are presented to remove unnecessary cost in access checking and to compensate for the efficiency loss that scalability enhancement might bring. The authorization and constraint scalability of this model is validated using a software project example.
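As an added illustration (not code from the dissertation or its author), the following Python sketch shows the generic mechanisms that items 1 and 4 of the abstract build on: roles scoped to an organization, permission inheritance along a specialization relation, and separation-of-duty constraints that are written once on a general role and bind its specializations through the same inheritance. It is a hypothetical RBAC-style model, not the organization-role or task-role association model the dissertation defines; every organization, role, user and permission name is constructed.

```python
from collections import defaultdict


class OrgRoleAccessControl:
    """Organization-scoped roles with specialization inheritance and SoD checks.

    A role is keyed by an (organization, role name) pair, so the same role name
    may carry different permissions and different constraints in different
    organizations. Hypothetical sketch of the concepts only.
    """

    def __init__(self):
        self.permissions = defaultdict(set)   # (org, role) -> permission names
        self.parents = defaultdict(set)       # (org, role) -> roles it specializes
        self.assignments = defaultdict(set)   # user -> assigned (org, role) pairs
        self.active = defaultdict(set)        # user -> roles activated in the session
        self.static_sod = []                  # role pairs that must never be co-assigned
        self.dynamic_sod = []                 # role pairs that must never be co-active
        self.audit = []                       # denial records, kept for review

    def grant(self, org, role, *perms):
        self.permissions[(org, role)].update(perms)

    def specialize(self, child, parent):
        """child inherits parent's permissions and every SoD rule naming parent."""
        self.parents[child].add(parent)

    def ancestors(self, org_role):
        """Reflexive-transitive closure of the specialization relation."""
        seen, stack = set(), [org_role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.parents[r])
        return seen

    def effective_roles(self, roles):
        return set().union(*(self.ancestors(r) for r in roles))

    def _conflict(self, constraints, roles):
        """First constraint whose two roles both lie in the effective role set."""
        eff = self.effective_roles(roles)
        return next(((a, b) for a, b in constraints if a in eff and b in eff), None)

    def assign(self, user, org, role):
        """Static SoD is enforced at assignment time over the effective role set."""
        clash = self._conflict(self.static_sod, self.assignments[user] | {(org, role)})
        if clash:
            self.audit.append(f"deny assign {user} {(org, role)}: static SoD {clash}")
            return False
        self.assignments[user].add((org, role))
        return True

    def activate(self, user, org, role):
        """Dynamic SoD is enforced at activation time, within one session."""
        if (org, role) not in self.assignments[user]:
            self.audit.append(f"deny activate {user} {(org, role)}: not assigned")
            return False
        clash = self._conflict(self.dynamic_sod, self.active[user] | {(org, role)})
        if clash:
            self.audit.append(f"deny activate {user} {(org, role)}: dynamic SoD {clash}")
            return False
        self.active[user].add((org, role))
        return True

    def effective_permissions(self, user):
        roles = self.effective_roles(self.active[user])
        return set().union(*(self.permissions[r] for r in roles))

    def check(self, user, perm):
        return perm in self.effective_permissions(user)


FIN, SALES = "acme.finance", "acme.sales"   # constructed organization names


def build_demo():
    """Constructed sample: two organizations, a role hierarchy and two SoD rules."""
    ac = OrgRoleAccessControl()
    ac.grant(FIN, "clerk", "invoice:create")
    ac.grant(FIN, "payer", "invoice:pay")
    ac.grant(FIN, "auditor", "invoice:audit")
    ac.grant(FIN, "senior_auditor", "invoice:sign_off")
    ac.grant(SALES, "clerk", "order:create")          # same role name, other org
    ac.specialize((FIN, "senior_auditor"), (FIN, "auditor"))
    # Written once on the general role; senior_auditor is bound via inheritance.
    ac.static_sod.append(((FIN, "clerk"), (FIN, "auditor")))
    ac.dynamic_sod.append(((FIN, "clerk"), (FIN, "payer")))
    for user, org, role in [("alice", FIN, "clerk"), ("bob", FIN, "senior_auditor"),
                            ("carol", SALES, "clerk")]:
        ac.assign(user, org, role)
        ac.activate(user, org, role)
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print("bob may audit:", ac.check("bob", "invoice:audit"))
    print("alice -> senior_auditor:", ac.assign("alice", FIN, "senior_auditor"))
    print(*ac.audit, sep="\n")
```

The two points worth noticing are that `senior_auditor` never appears in a constraint yet cannot be combined with `clerk`, because the check runs over the closure of the specialization relation, and that a `clerk` in `acme.sales` is unrelated to the finance constraint, because the constraint names organization-role pairs rather than bare role names. Denials are recorded rather than silently dropped, which is what a detection pipeline would consume.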
【Keywords】 enterprise; access control; workflow; task; role; scalability