面向数据跨域流转的延伸访问控制机制

doi:10.11959/j.issn.1000-436x.2019151

Journal on Communications ›› 2019, Vol. 40 ›› Issue (7): 67-76.doi: 10.11959/j.issn.1000-436x.2019151

• Papers • Previous Articles Next Articles

Extended access control mechanism for cross-domain data exchange

Rongna XIE¹,Yunchuan GUO²,Fenghua LI^1,^2,³(),Guozhen SHI⁴,Yaqiong WANG¹,Kui GENG²

¹ School of Cyber Engineering,Xidian University,Xi’an 710071,China
² Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
³ School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China
⁴ Department of Electronics and Communication Engineering,Beijing Electronic Science and Technology Institute,Beijing 100070,China

Revised:2019-03-24 Online:2019-07-25 Published:2019-07-30
Supported by:
The National Key Research and Development Program of China(016YFB0801002);The National Natural Science Foundation of China(U1836203);The Strategic Priority Research Program of the Chinese Academy of Sciences(XDC02040400)

Abstract

Abstract:

Aiming at the controlled sharing for cross-domain data exchange for complicated application systems,an extended access control mechanism was proposed.The control process was divided into two steps:constraint control and propagation control.The constraint control was used to ensure that access to data was authorized before access request,and the propagation control was used for further extension control after obtaining data access right.In addition,by considering data self and data provenance,the direct and indirect access control were realized.Theoretically,the security and effectiveness of the proposed mechanism were proved.Finally,taking the control of electronic invoice as an example,the implementation approach was proposed.The example shows that the proposed mechanism can perform the fine-grained extended control before and after data in the cross-domain and cross-system are exchanged.

Key words: cross-domain, data flow control, data provenance, extended authorization, propagation control

CLC Number:

TP302

Rongna XIE,Yunchuan GUO,Fenghua LI,Guozhen SHI,Yaqiong WANG,Kui GENG. Extended access control mechanism for cross-domain data exchange[J]. Journal on Communications, 2019, 40(7): 67-76.

Figures/Tables 4

References 18

[1]	MYERS A C , . JFlow:practical mostly-static information flow control[C]// Symposium on Principles of Programming Languages. 1999: 228-241.
[2]	MYERS A C , LISKOV B . A decentralized model for information flow control[J]. ACM SIGOPS Operating Systems Review, 1997,31(5): 129-142.
[3]	KROHN M , YIP A , BRODSKY M ,et al. Information flow control for standard OS abstractions[C]// The 21st ACM SIGOPS Symposium on Operating Systems Principles. 2007: 321-334.
[4]	DOROTHY E . A lattice model of secure information flow[J]. Communications of ACM, 1976,19(5): 236-243.
[5]	BELL D E , LAPADULA L J . Secure computer system:unified exposition and multics interpretation,MTR-2997 Rev.1[R]. Bedford,CA:MITRE Corporation, 1976.
[6]	BIBA K J . Integrity considerations for secure computer systems[R]. USA:USAF Electronic Systems Division Mitre Corp Bedford MA, 1977.
[7]	ZELDOVICH N , BOYD-WICKIZER S , . Securing distributed systems with information flow control[C]// USENIX Symposium on Networked Systems Design and Implementation. USENIX Association, 2006: 293-308.
[8]	SHE W , YEN I L , BASTANI F ,et al. Role-based integrated access control and data provenance for SOA based net-centric systems[J]. IEEE Transactions on Services Computing, 2016,9(6): 940-953.
[9]	SHE W , YEN I L , THURAISINGHAM B ,et al. Security-aware service composition with fine-grained information flow control[J]. IEEE Transactions on Services Computing, 2013,6(3): 330-343.
[10]	ASUQUO P , CRUICKSHANK H , OGAH C P A ,et al. A distributed trust management scheme for data forwarding in satellite DTN emergency communications[J]. IEEE Journal on Selected Areas in Communications, 2018,PP(99):1.
[11]	LI Q , SANDHU R , ZHANG X ,et al. Mandatory content access control for privacy protection in information centric networks[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2017,PP(99):1.
[12]	GROEF W D , DEVRIESE D , NIKIFORAKIS N ,et al. FlowFox:a Web browser with flexible and precise information flow control[C]// The 2012 ACM conference on Computer and Communications Security(CCS) . ACM, 2012: 748-759.
[13]	SHE W , YEN I L , THURAISINGHAM B ,et al. The SzCIFC model for information flow control in Web service composition[C]// IEEE International Conference on Web Services. 2009: 1-8.
[14]	SHE W , YEN I L , THURAISINGHAM B ,et al. Policy-driven service composition with information flow control[C]// IEEE International Conference on Web Services. 2010: 50-57.
[15]	PARK J , DANG N , SANDHU R . A provenance-based access control model[C]// Tenth International Conference on Privacy,Security and Trust. 2012: 137-144.
[16]	SUN L , PARK J , SANDHU R . Engineering access control policies for provenance-aware systems[C]// The Third ACM Conference on Data and Application Security and Privacy(COPASPY). ACM, 2013: 285-292.
[17]	SUN L , PARK J , DANG N ,et al. A provenance-aware access control frame work with typed provenance[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2016,13(4): 411-423.
[18]	李凤华, 王彦超, 殷丽华 ,等. 面向网络空间的访问控制模型[J]. 通信学报, 2016,37(5): 9-20.
	LI F H , WANG Y C , YIN L H ,et al. Novel cyberspace-oriented access control model[J]. Journal on Communications, 2016,37(5): 9-20.

Metrics

Recommended 0

No Suggested Reading articles found!

Extended access control mechanism for cross-domain data exchange

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 18

Related Articles 11

Metrics

Recommended 0

[1]	Xuejiao LIU, Tiancong CAO, Yingjie XIA. Research on efficient and secure cross-domain data sharing of IoV under blockchain architecture [J]. Journal on Communications, 2023, 44(3): 186-197.
[2]	Haijun LIAO, Zehan JIA, Zhenyu ZHOU, Nian LIU, Fei WANG, Zhong GAN, Xianjiong YAO. Dispatching and control information freshness guaranteed resource optimization in simplified power Internet of things [J]. Journal on Communications, 2022, 43(7): 203-214.
[3]	Shuo WANG, Yudong HUANG, Tao HUANG, Ru HUO, Yunjie LIU. Software-defined cross-domain scheduling mechanism for time-sensitive networking [J]. Journal on Communications, 2021, 42(10): 1-9.
[4]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[5]	Youliang TIAN,Kedi YANG,Zuan WANG,Tao FENG. Algorithm of blockchain data provenance based on ABE [J]. Journal on Communications, 2019, 40(11): 101-111.
[6]	Wei GUO,Xue-guang ZHOU,Cheng-qin QU,Fang LUO,Xiang-jun JI. Naval fleet across-domain communication scheme based on CP-ABE [J]. Journal on Communications, 2015, 36(Z1): 250-258.
[7]	Jian-hua SUN,Zhi-rong LIU,Hao CHEN. Secure cross-domain communication mechanism for Web mashups [J]. Journal on Communications, 2012, 33(6): 19-29.
[8]	Chang-yuan LUO,Shi-wei HUO,Hong-zhi XING. Identity-based cross-domain authentication scheme in pervasive computing environments [J]. Journal on Communications, 2011, 32(9): 111-115.
[9]	Qi JIANG,Guang-song LI,Jian-feng MA. Security flaws and improvement of an ID-based wireless authentication scheme with anonymity [J]. Journal on Communications, 2010, 31(9A): 209-216.
[10]	Qi JIANG,Jian-feng MA,Guang-song LI,Hong-yue LIU. Identity-based roaming protocol with anonymity for heterogeneous wireless networks [J]. Journal on Communications, 2010, 31(10): 138-145.
[11]	Qiu-yu ZHANG,Zhan-ting YUAN,Qi-kun ZHANG,Rui-fang WANG. Multi-domain authentication mechanism based on lattice and adaptive algorithm [J]. Journal on Communications, 2007, 28(11A): 82-86.