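Abstract
Access control technology adds a solid barrier to information security, but existing access control techniques focus on verifying the legitimacy of users and evaluating their trust before authorization is granted. Once authorized, a legitimate user holds full permissions throughout the entire access cycle, and those permissions cannot be revoked even if the user performs illegal operations after obtaining them. This paper proposes an access process oriented dynamic access control (APODAC) model. Building on the original role-based access control (RBAC) model, it introduces a series of methods such as user risk level assessment and dynamic permission adjustment, so that user permissions are monitored and adjusted in real time while the user holds the maximum permissions obtained through the role. Finally, the system architecture of the APODAC model is given, together with the construction strategy for user behavior sequences, the architecture of the user risk level fuzzy inference engine, and the dynamic authorization algorithm. The APODAC model achieves dynamic permission control over the access process and offers a new approach to dynamic permission access control.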
The access control technology in the field of information security adds a solid barrier for information security, but the existing access control technology pays more attention to the legitimacy verification and trust evaluation of users before they are authorized. Once authorized, legitimate users have full permissions in the whole access cycle. Even if they do illegal operations, their permissions cannot be withdrawn. We propose an access process oriented dynamic access control model (APODAC model). This model introduces user behavior evaluation parameters on the basis of the original role-based control model (RBAC model), and realizes the real-time monitoring and adjustment of user permissions when the user obtains the maximum permissions based on the role. Finally, the architecture of the APODAC model is given, and the construction strategy of user behavior sequence, the architecture of user risk level fuzzy inference and dynamic authorization algorithm are also given. The APODAC model implements dynamic access control, which provides a new idea for dynamic access control.
Authors
胡文瑜
陈金波
HU Wen-yu; CHEN Jin-bo (School of Computer Science and Mathematics, Fujian University of Technology, Fuzhou 350118, China; Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fuzhou 350118, China)
Source
Computer Technology and Development (《计算机技术与发展》)
2022, Issue 4, pp. 92-96, 108 (6 pages in total)
Funding
Sub-project of the National Key Research and Development Program of China (2018YFC1201103).
Keywords
access control
dynamic permissions
behavior assessment
role-based access control model
fuzzy inference