Journal on Communications ›› 2016, Vol. 37 ›› Issue (5): 9-20.doi: 10.11959/j.issn.1000-436x.2016109
Papers
Feng-hua LI1,Yan-chao WANG1,Li-hua YIN1,Rong-na XIE2,Jin-bo XIONG1
Online: 2016-05-25
Published: 2016-06-01
Feng-hua LI,Yan-chao WANG,Li-hua YIN,Rong-na XIE,Jin-bo XIONG. Novel cyberspace-oriented access control model[J]. Journal on Communications, 2016, 37(5): 9-20.
Constraints of the model (scene availability and scene activation):

| Constraint category | Constraint | Scope | Expression |
| --- | --- | --- | --- |
| Scene availability constraints | Resource-access entity to scene constraint | | (Q, S, T, L, D, NG, assign Q / deassign Q sc to q) |
| | Scene enabled / disabled | | (Q, S, T, L, D, NG, enable / disable sc) |
| | Resource-access entity and scene to permission assignment | | (Q, S, T, L, D, NG, assign P / deassign P p to sc) |
| Scene activation constraints | Number of activated scenes | User | (Q, S, T, L, D, NG, N_active, activeQ_total) |
| | | Permission | (Q, S, T, L, D, NG, N_active, activeP_total) |
| | Total number of activated scenes in the current system | User | (Q, S, T, L, D, NG, N_max, activeQ_total) |
| | | Permission | (Q, S, T, L, D, NG, N_max, activeP_total) |
Verification and counting functions of the model (a scene sc is the tuple (q, t, l, d, ng); QSC holds entity-to-scene assignments, SCP holds scene-to-permission assignments):

| Function | Description | Schema |
| --- | --- | --- |
| verifyid | Returns True if the user identity and certificate are valid, otherwise False | verifyid(userid, certification: NAME; out result: BOOLEAN); result = (userid ∈ U) ∧ isvalid(certification) |
| verifyng | Returns True if the requested network reqng satisfies the network requirement, otherwise False | verifyng(reqng: NAME; out result: BOOLEAN); reqng ∈ NGSTATES; result = (∃ng1, ng2 ∈ validng · ng1 < reqng < ng2) ∧ (∃q ∈ Q; d ∈ DSTATES; t ∈ TSTATES; l ∈ LSTATES; ng ∈ NGSTATES; p ∈ PERMISSIONS · (q, sc = (q, t, l, d, reqng)) ∈ QSC ∧ (sc = (q, t, l, d, reqng), p) ∈ SCP) |
| isnable | Returns True if scene scene is enabled, otherwise False | isnable(scene: NAME; out result: BOOLEAN); scene ∈ SCENE; result = (scene ∈ ENABLE*) |
| n.activescbyu | Returns the number of scenes activated by user user | n.activescbyu(user: NAME; out result: N); user ∈ USERS; result = N_active U_total(user) |
| verifyt | Returns True if the requested generalized temporal state reqt satisfies the temporal-state requirement, otherwise False | verifyt(reqt: NAME; out result: BOOLEAN); reqt ∈ TSTATES; result = (∃t1, t2 ∈ validt · t1 < reqt < t2) ∧ (∃q ∈ Q; t ∈ TSTATES; l ∈ LSTATES; d ∈ DSTATES; ng ∈ NGSTATES; p ∈ PERMISSIONS · (q, sc = (q, reqt, l, d, ng)) ∈ QSC ∧ (sc = (q, reqt, l, d, ng), p) ∈ SCP) |
| maxn.activescbyu | Returns the maximum number of scenes user user may activate | maxn.activescbyu(user: NAME; out result: N); user ∈ USERS; result = N_max U_total(user) |
| verifyl | Returns True if the requested access point reql satisfies the access-point requirement, otherwise False | verifyl(reql: NAME; out result: BOOLEAN); reql ∈ LSTATES; result = (∃l1, l2 ∈ validl · l1 < reql < l2) ∧ (∃q ∈ Q; t ∈ TSTATES; l ∈ LSTATES; d ∈ DSTATES; ng ∈ NGSTATES; p ∈ PERMISSIONS · (q, sc = (q, t, reql, d, ng)) ∈ QSC ∧ (sc = (q, t, reql, d, ng), p) ∈ SCP) |
| n.activescbyp | Returns the number of scenes in which permission permission is activated | n.activescbyp(permission: NAME; out result: N); permission ∈ PERMISSIONS; result = N_active P_total(permission) |
| verifyd | Returns True if the requested access device reqd satisfies the access-device requirement, otherwise False | verifyd(reqd: NAME; out result: BOOLEAN); reqd ∈ DSTATES; result = (∃d1, d2 ∈ validd · d1 < reqd < d2) ∧ (∃q ∈ Q; d ∈ DSTATES; t ∈ TSTATES; l ∈ LSTATES; ng ∈ NGSTATES; p ∈ PERMISSIONS · (q, sc = (q, t, l, reqd, ng)) ∈ QSC ∧ (sc = (q, t, l, reqd, ng), p) ∈ SCP) |
| maxn.activescbyp | Returns the maximum number of scenes in which permission permission may be activated | maxn.activescbyp(permission: NAME; out result: N); permission ∈ PERMISSIONS; result = N_max P_total(permission) |
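The four verify functions in the table share one shape (a requested value inside a valid interval, plus QSC and SCP membership of the scene built from it), and the activation counters bound how many scenes an entity may hold. The following Python is an added illustration of that decision logic, not code from the paper; the interval sets, the sample entity "alice", the scene tuple and the counter dictionaries are constructed here for the demonstration.

```python
from dataclasses import dataclass
from typing import Any, Dict, List, Set, Tuple

# A scene sc is the tuple (q, t, l, d, ng): entity, temporal state, access
# point, device, network. DIMS names positions 1..4 of that tuple.
Scene = Tuple[Any, ...]
DIMS = ("t", "l", "d", "ng")

@dataclass
class ModelState:
    valid: Dict[str, List[Tuple[Any, Any]]]  # validt/validl/validd/validng intervals
    qsc: Set[Tuple[str, Scene]]              # (q, sc) in QSC
    scp: Set[Tuple[Scene, str]]              # (sc, p) in SCP
    enabled: Set[Scene]                      # ENABLE: scenes currently enabled
    n_active: Dict[str, int]                 # n.activescbyu(user)
    n_max: Dict[str, int]                    # maxn.activescbyu(user)

def within(valid: List[Tuple[Any, Any]], req: Any) -> bool:
    # the (exists x1, x2 in validX . x1 < req < x2) clause; bounds stay strict
    return any(lo < req < hi for lo, hi in valid)

def verify(state: ModelState, dim: str, req: Any, sc: Scene, p: str) -> bool:
    """verifyt/verifyl/verifyd/verifyng: the requested value must lie in a valid
    interval, and the scene obtained by substituting it into sc must be assigned
    to q in QSC and carry permission p in SCP."""
    idx = 1 + DIMS.index(dim)
    sc2 = sc[:idx] + (req,) + sc[idx + 1:]
    return within(state.valid[dim], req) and (sc[0], sc2) in state.qsc and (sc2, p) in state.scp

def is_enable(state: ModelState, sc: Scene) -> bool:
    return sc in state.enabled

def can_activate(state: ModelState, user: str) -> bool:
    """Activation constraint: another scene may be activated only while
    n.activescbyu(user) < maxn.activescbyu(user)."""
    return state.n_active.get(user, 0) < state.n_max.get(user, 0)

def authorize(state: ModelState, sc: Scene, p: str) -> bool:
    """Grant p in scene sc only if every dimension verifies, the scene is
    enabled, and the entity still has activation capacity."""
    q, t, l, d, ng = sc
    dims_ok = all(verify(state, dim, v, sc, p) for dim, v in zip(DIMS, (t, l, d, ng)))
    return dims_ok and is_enable(state, sc) and can_activate(state, q)

# Constructed sample state: "alice" may read from the office LAN between 8 and 18.
SC_OK = ("alice", 10, "office", "laptop", "lan")
STATE = ModelState(
    valid={"t": [(8, 18)], "l": [("a", "p")], "d": [("a", "m")], "ng": [("k", "m")]},
    qsc={("alice", SC_OK)}, scp={(SC_OK, "read")}, enabled={SC_OK},
    n_active={"alice": 1}, n_max={"alice": 3},
)

if __name__ == "__main__":
    print(authorize(STATE, SC_OK, "read"))                                     # True
    print(authorize(STATE, ("alice", 20, "office", "laptop", "lan"), "read"))  # False
```

The second call fails on verifyt alone (20 lies outside validt); a scene with an unassigned device fails on the QSC check even though every interval test passes.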