安全策略模型聚合性评估方法  被引量：4

作　　者：蔡嘉勇[1,2,3] 卿斯汉[1,4] 刘伟[1,3] 

机构地区：[1]中国科学院软件研究所基础软件国家工程研究中心,北京100190 [2]中国科学院软件研究所信息安全技术工程研究中心,北京100190 [3]中国科学院研究生院,北京100049 [4]北京中科安胜信息技术有限公司,北京100086

出　　处：《软件学报》2009年第7期1953-1966,共14页Journal of Software

基　　金：国家自然科学基金No.60573042;国家重点基础研究发展计划(973)No.G1999035802;北京市自然科学基金No.4052016~~

摘　　要：动态策略支持与授权粒度是访问控制的关键问题.现有的研究只关注安全策略的描述能力,却忽略了对策略结构与授权粒度的分析,从而无法全面满足动态策略支持与最小授权要求.指出Lampson访问矩阵模型是对最细粒度访问控制的抽象,普通安全策略则根据应用安全需求对Lampson访问矩阵进行聚合.基于安全标签的聚合性描述框架(a descriptive framework of groupability basing on security labels,简称GroSeLa)可将普通安全策略映射为Lampson访问矩阵,该框架分为基本组件与扩展两部分:前者分析用于实现矩阵聚合的安全策略结构;后者则指出实现全面动态策略支持必须支持的7类管理性需求.在此基础上,提出5项聚合性指标:聚合因子、动态因子、策略规模、授权粒度与职责隔离支持.对4类经典安全策略ACL,BLP,DTE与RBAC的评估,是从矩阵聚合的角度分析不同的安全策略在表达性、可用性与授权粒度上的差异.Dynamic policy supporting and authorization granularity are two key issues in access control. Present researches only compared the expressiveness of policies, but never considered the policy＇s structure and the granularity of authorization, which makes it difficult to support the dynamic policy and satisfy the least privilege requirement. As this paper points out that Lampson＇s access matrix is the most fine-grained access control model, the other security policies need to group access matrix according to their different application requirements. By defining a descriptive framework of Groupability Basing on Security Labels （GroSeLa）, generic security policies can be mapped into Lampson＇s access matrix. GroSeLa framework consists of a set of fundamental components and an extension. The fundamental components give all policy＇s structure for grouping matrix, and the extension reveals all necessary administrative requirements for supporting dynamic policy completely. Based on GroSeLa, this paper proposes five grouping dimensions for evaluating security policies, including grouping factors, dynamic factors, policy scale, authorization granularity and separation of duty supporting. The paper also compares four classic security policies, namely ACL （access control list）, BLP （Bell LaPadula）, DTE （domain and type enforcement） and RBAC （role-based access control）. To the best of these knowledge, it is studied that the difference on expressiveness, usability and authorization granularity of different security policies are from the aspect of grouping access matrix.

关 键 词：聚合 安全标签 访问矩阵 动态策略 最小授权 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]