Chinese Journal of Network and Information Security, 2024, Vol. 10, Issue 1: 58-78. doi: 10.11959/j.issn.2096-109x.2024003
Dibin SHAN, Xuehui DU, Wenjuan WANG, Na WANG, Aodi LIU
Revised: 2023-08-28
Online: 2024-02-01
Published: 2024-02-01
Dibin SHAN, Xuehui DU, Wenjuan WANG, Na WANG, Aodi LIU. Scenario-aware access control model[J]. Chinese Journal of Network and Information Security, 2024, 10(1): 58-78.
| Category | Symbol | Description |
|---|---|---|
| Elements | ST | System state set, ST = {st_0, st_1, …, st_n}; st_0 is the initial system state |
| | D | Security domains: the request domain ds, the response domain do and the access control domain da (da is further divided into the access control decision domain dd and the access control enforcement domain de) |
| | A | Behavior set, A = {a_0, a_1, …, a_n}; a_i is the i-th behavior. In the SAAC model there are six kinds of behavior: access request a_request, access response a_response, access decision a_decision, access control enforcement a_enforcement, scenario awareness a_scaware and access control rule generation a_rulesg |
| | Out | Set of output results |
| Functions | dom: A → D | Maps a behavior to the security domain it belongs to; dom(a_i) ∈ D is the security domain of behavior a_i |
| | step: ST × A → ST | System state st_i enters state st_{i+1} after executing behavior a_i (0 ≤ i ≤ n), written st_{i+1} = step(st_i, a_i) |
| | run: ST × A* → ST | System state st_i after executing a sequence of behaviors |
| | output: ST × A* → Out | System state st_i after executing a sequence of behaviors |
| | ipurge: A* × D → A* | Intransitive purge function: from a behavior sequence |
| | sources: A* × D → 2^D | Identifies, in a behavior sequence, the behaviors that must not be removed, written as |
| Relations | ~> | Interference relation: permits information flow between two different security domains |
| | | Noninterference relation: forbids information flow between two different security domains |
| | | Observational equivalence: from the viewpoint of security domain d, system states st_i and st_j are equivalent |
| | | Sub-domain equivalence: within a subset of the security domain set, system states st_i and st_j are equivalent |
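As an added example, not code from the paper, the table's domains, behaviors, dom, step and run are sketched in Python together with a check of intransitive noninterference. The table's entries for sources and ipurge are cut off on this page, so Rushby's standard definitions are used (an assumption), as are the interference policy ds ~> dd ~> de ~> do and the assignment of a_scaware and a_rulesg to the decision domain dd.

```python
from typing import Dict, FrozenSet, List, Tuple
# Assumed dom: A -> D for the six SAAC behaviors (the table names the behaviors
# but the page does not say which domain a_scaware and a_rulesg belong to).
DOM: Dict[str, str] = {
    "request": "ds", "response": "do", "decision": "dd",
    "enforcement": "de", "scaware": "dd", "rulesg": "dd",
}
DOMAINS = ("ds", "dd", "de", "do")
# Assumed interference policy ~>: flows allowed only along ds -> dd -> de -> do
# (and each domain to itself). It is intransitive: ds reaches do only via dd, de.
INTERFERES = {("ds", "dd"), ("dd", "de"), ("de", "do")} | {(d, d) for d in DOMAINS}

def interferes(u: str, v: str) -> bool:
    return (u, v) in INTERFERES

def sources(alpha: List[str], u: str) -> FrozenSet[str]:
    # Rushby's sources: domains whose behaviors in alpha may legitimately reach u.
    if not alpha:
        return frozenset({u})
    srcs = sources(alpha[1:], u)
    if any(interferes(DOM[alpha[0]], v) for v in srcs):
        return srcs | {DOM[alpha[0]]}
    return srcs

def ipurge(alpha: List[str], u: str) -> List[str]:
    # Rushby's ipurge: keep a behavior only if its domain is a source for u.
    if not alpha:
        return []
    rest = ipurge(alpha[1:], u)
    return [alpha[0]] + rest if DOM[alpha[0]] in sources(alpha, u) else rest

State = Dict[str, Tuple[str, ...]]  # each domain's view: behaviors it has seen

def initial_state() -> State:  # st_0
    return {d: () for d in DOMAINS}

def step(st: State, a: str) -> State:  # step: ST x A -> ST
    # A behavior is observed by every domain that its own domain may interfere with.
    return {d: st[d] + ((a,) if interferes(DOM[a], d) else ()) for d in DOMAINS}

def run(st: State, alpha: List[str]) -> State:  # run: ST x A* -> ST
    for a in alpha:
        st = step(st, a)
    return st

def output(st: State, d: str) -> Tuple[str, ...]:  # what domain d observes in st
    return st[d]

def noninterference_secure(alpha: List[str], d: str) -> bool:
    # Intransitive noninterference: d cannot distinguish alpha from ipurge(alpha, d).
    return (output(run(initial_state(), alpha), d)
            == output(run(initial_state(), ipurge(alpha, d)), d))
```

Under this policy a request reaches the response domain only through a decision and an enforcement behavior, so ipurge drops a request that is followed directly by a response.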