

【Author】 郑琪

【Advisor】 韩伟力

【Author information】 Fudan University (复旦大学), Computer Software and Theory, 2011, Master's

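【Abstract (translated from Chinese)】 In today's information- and knowledge-driven environment, data flows within and between organizations at an ever-increasing speed. In an emergency, access to sensitive data must be decided quickly while ensuring that this sensitive information is not leaked, whether inadvertently or maliciously, which requires application systems to be flexible enough to adapt to such dynamics. Consequently, today's applications increasingly need dynamic access control policies and the mechanisms to implement them. This thesis studies methods and techniques for XACML-based quantified risk-adaptive access control, in order to realize a dynamic access control system that can be flexibly adjusted. The system introduces risk management ideas into the access control system: it quantifies the risk value of an access and manages and monitors risk within the system, achieving dynamic access control through effective risk control. The thesis then builds on XACML, the de facto standard access control policy language, fully exploiting its powerful policy expression capability to introduce quantified risk control without changing the semantics of access requests. The thesis also extends the XACML framework, using the Obligation module in XACML to add a continuous risk control mechanism to the system, thereby implementing quantified risk-adaptive access control. Finally, experimental evaluation demonstrates that implementing quantified risk-adaptive access control on top of XACML is a flexible and effective access control method and technique.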

【Abstract】 In today's information- and knowledge-driven digital environment, there is an increasing requirement to accelerate the speed of information sharing across all types of organizations. When external events occur, the system is required to adjust its mode of information dominance. Meanwhile, sensitive information must be protected from unauthorized disclosure. The access control mechanism, therefore, has to be flexible enough to fit the dynamic situation. Today's applications need dynamic access control policies and their relevant implementations. In this paper we study an XACML-based quantified risk-adaptive access control system that is dynamic and convenient to adjust according to the changing environment. We bring risk management to the access control system. By quantifying the risk of each access and managing that risk in the system, we effectively combine access control with risk management. The system performs access control through effective risk management. In addition, our approach uses XACML, the de facto standard language in the field of access control, to implement our solution. Making full use of XACML's great expressive power for access control policies, this paper adds functions for controlling quantified risk to the access control system without changing the semantics of the request. This paper also extends the XACML framework to implement quantified risk-adaptive access control by adding a continuous access control mechanism that depends on the Obligation module in XACML. Finally, we use experiments to demonstrate that XACML-based quantified risk-adaptive access control is an efficient, flexible, dynamic access control system.

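  • 【Online publication contributor】 Fudan University (复旦大学)
  • 【Online publication year/issue】 2012, Issue 04
  • 【Classification number】 TP393.08
  • 【Times cited】 1
  • 【Downloads】 50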