以社区域为中心基于信任的访问控制

doi:10.3969/j.issn.1000-436x.2013.09.001

摘要/Abstract

摘要：

智能服务agent基于上下文感知的交互与协作为数字社区提供动态服务的同时，也带来了安全访问问题。在综合分析数字社区中 agent的信任、社区域内外协作等特征的基础上，提出以社区域为中心基于信任的访问控制模型，即依据 agent 自身上下文及信任证书建立社区域，其后信任等级随会话动态调整，通过信任等级与信任阈值的匹配关系有效地控制权限的激活和使用。与最新研究成果相比，该模型突出的特点是实现动态权限控制，同时满足社区域内及社区域间角色的安全交互与协作。

关键词: 数字社区, 智能体, 信任, 协作, 访问控制

Abstract:

Context-aware interaction and cooperation among agents provids digital community services.However,it also brings new problems of secure access.A novel community field-centric trust-based access control model (referred to as the CTBAC) was developed by thoroughly considering both the trust level of agent and the cooperation among agents inside and outside of community fields in digital commun ty.There are two novel ingredients.Firstly,a community field was established in terms of agent’s own contexts and trust certificate.Thus,the trust level could be dynamically adjusted based on the sessions.Secondly,the activation and use of access control permissions according to the match relationship between the trust level of agents and trust threshold.The proposed CTBAC model was compared to several access control models and its effectiveness in both dynamic permission control and security protection was demonstrated.

Key words: digital community, agent, trust, cooperation, access control

姚志强,熊金波,马建峰,李琦,刘西蒙. 以社区域为中心基于信任的访问控制[J]. 通信学报, 2013, 34(9): 1-9.

Zhi-qiang YAO,Jin-bo XIONG,Jian-feng MA,Qi LI,Xi-meng LIU. Community field-centric trust-based access control model[J]. Journal on Communications, 2013, 34(9): 1-9.

图/表 7

图1

图2

图3

图4

图5

图6

表1

参考文献 25

[1]	JUNG Y , JOSHI J B D . CRiBAC:community-centric role interaction based access control model[J]. Computers ＆ Security, 2012,31(4): 497-523.
[2]	KUMAR M,SHIRAZI B A , DAS S K , et a l . PICO:a middleware framework for pervasive computing[J]. IEEE Pervasive Computing, 2003,2(3): 72-79.
[3]	JUNG Y , KIM M . Situation-aware community computing model for developing dynamic ubiquitous computing systems[J]. Journal of Universal Computer Science, 2010,16(15): 2139-2174.
[4]	SANDHU R S , COYNE E J , FEINSTEIN H L . Role-based access control models[J]. IEEE Computer, 1996,29(2): 38-47.
[5]	JUNG Y , KIM M , MASOUMZADEH A ,et al. A survey of security issue in multi-agent systems[J]. Artificial Intelligence Review, 2012,37(3): 239-260.
[6]	JUNG Y , MASOUMZADEH A , JOSHI J B D ,et al. RiBAC:role interaction based access control model for community computing[A]. Proceedings of the 4th International Conference on Collaborative Computing:Networking,Applications and Worksharing (CollaborateCom’08)[C]. Orlando,FL,USA, 2009,10(3): 304-321.
[7]	郎波 . 面向分布式系统访问控制的信任度量化模型[J]. 通信学报, 2010,31(12): 45-54. LANG B . Access control oriented quantified trust degree representation model for distributed systems[J]. Journal on Comm nications, 2010,31(12): 45-54.
[8]	BHATTI R , BERTINO E , GHAFOOR A . A trust-based context-aware access control model for web-services[J]. Distributed and Parallel Databases, 2005,18(1): 83-105.
[9]	朱友文, 黄刘生, 陈国良 ,等. 分布式计算环境下的动态可信度评估模型[J]. 计算机学报, 2011,34(1): 55-64. ZHU Y W , HUANG L S , CHEN G L ,et al. Dynamic trust evaluation model under distributed computing environment[J]. Chinese Journal of Computers, 2011,34(1): 55-64.
[10]	ILTAF N , GHAFOOR A , HUSSAIN M . Modeling interaction us ng trust and recommendation in ubiquitous computing environment[J]. EURASIP Journal on Wireless Communications and Networking, 2012,(1): 1-13.
[11]	CHAKRABORTY S , RAY I . TrustBAC:integrating trust relationships into the RBAC model for access control in open systems[A]. Proceeding of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT’06)[C]. Lake Tahoe,CA,USA, 2006. 49-58.
[12]	石志国, 贺也平, 张宏 . 一种对等计算安全性的时间自衰减信任管理算法[J]. 计算机研究与发展, 2007,44(1): 1-10. SHI Z G , HE Y P , ZHANG H . A time self-decay trust management algorithm for P2P computing security[J]. Journal of Computer Research and Development, 2007,44(1): 1-10.
[13]	DAMIANI M L , BERTINO E , CATANIA B ,et al. GEO-RBAC:A spatially aware RBAC[J]. ACM Transactions on Information and System Security (TISSEC), 2007,10(1): 21-42.
[14]	KULKARNI D , TRIPATHI A . Context-aware role-based access control in pervasive computing systems[A]. Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT’08)[C]. Estes Park,CO,USA, 2008. 113-122.
[15]	李风华, 王巍, 马建峰 ,等. 协作信息系统的访问控制模型及其应用[J]. 通信学报, 2008,29(9): 116-123. LI F H , WANG W , MA J F . Access control model and its application for collaborative information systems[J]. Journal on Communications, 2008,29(9): 116-123.
[16]	李风华, 王巍, 马建峰 ,等. 基于行为的访问控制模型及其行为管理[J]. 电子学报, 2008,36(10): 1881-1890. LI F H , WANG W , MA J F ,et al. Action-based access control model and administration of actions[J]. Acta Electronica Sinica, 2008,36(10): 1881-1890.
[17]	PREDA S , CUPPENS F,CUPPENS-BOULAHIA N ,et al. Dynamic deployment of context-aware access control policies for constrained security devices[J]. Journal of Systems and Software, 2011,84(7): 1144-1159.
[18]	WANG Q , JIN H , LI N . Usable access control in collaborative environments:authorization based on people-tagging[A]. Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS’09)[C]. Saint Malo,France, 2009. 268-284.
[19]	TOLONE W , AHN G J , PAI T ,et al. Access control in collaborative systems[J]. ACM Computing Surveys (CSUR), 2005,37(1): 29-41.
[20]	LI Q , ZHANG X , XU M ,et al. Towards secure dynamic collaborations with group-based RBAC model[J]. Computers ＆ Security, 2009,28(5): 260-275.
[21]	KRISHNAN R , NIU J , SANDHU R ,et al. Group-centric secure information-sharing models for isolated groups[J]. ACM Transactions on Information and System Security (TISSEC), 2011,14(3): 1-29.
[22]	WANG Q , JIN H . Data leakage mitigation for discretionary access control in collaboration clouds[A]. Proceeding of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT’11)[C]. Innsbruck,Austria, 2011. 103-112.
[23]	胡春华, 陈晓红, 吴敏 ,等. 云计算中基于SLA的服务可信协商与访问控制策略[J]. 中国科学:信息科学. 2012,42(3): 314-332. HU C H , CHEN X H , WU M ,et al. A service trust negotiation and access control strategy based on SLA in cloud computin[J]. China Science:Information Science, 2012,42(3): 314-332.
[24]	刘武, 段海新, 张洪 ,等. TRBAC:基于信任的访问控制模型[J]. 计算机研究与发展, 2011,48(8): 1414-1420. LIU W , DUAN H X , ZHANG H ,et al. TRBAC:trust based access control model[J]. Journal of Computer Research and Development, 2011,48(8): 1414-1420.
[25]	BHATTI R , GHAFOOR A , BERTINO E ,et al. X-GTRBAC:an XML-based policy specification framework and architecture enterprise-wide access control[J]. ACM Transactions on Informatio nd System Security (TISSEC), 2005,8(2): 187-227.

访问控制模型融合的元素	文献[1]	文献[3]	文献[13]	文献[14]	文献[15]	文献[16]	文献[17]	文献[18]	文献[20]	文献[21]	文献[8]	文献[9]	文献[10]	文献[22]	文献[23]	文献[24]	本文
发挥上下文信息	v	v	v	v	v	v	v	v	×	×	v	×	v	×	×	v	v
支持交互	v	v	×	×	×	×	×	v	v	×	v	v	×	v	v	×	v
支持协作	v	v	×	×	×	×	×	v	v	v	v	v	×	v	v	×	v
参考上下文的信任等级	×	×	×	×	×	×	×	×	×	×	v	×	v	×	×	v	v
参考日志记录的信任等级	×	×	×	×	×	×	×	×	×	×	×	v	v	×	v	×	v
参考推荐元素的信任等级	×	×	×	×	×	×	×	×	×	×	×	×	v	v	v	×	v