基于风险分析的应用系统访问控制模型  

Research on risk analysis-based access control model of application system

在线阅读下载全文

作  者:高志民[1] 王声远[2] 

机构地区:[1]北京交通大学计算机与信息技术学院,北京100044 [2]北京大学软件与微电子学院,北京102600

出  处:《北京交通大学学报》2011年第5期21-25,共5页JOURNAL OF BEIJING JIAOTONG UNIVERSITY

基  金:长江学者和创新团队发展计划项目资助(IRT0707);北京市教育委员会学科建设与研究生教育建设项目资助

摘  要:针对复杂的应用系统,提出了一种基于风险分析的访问控制模型,该模型通过风险概念建立了业务目标和访问控制策略间的直接对应关系,以业务流程运营绩效指标作为风险度量的基准,并将风险计算作为访问控制授权决策的约束方程,同时,在最小权限原则和职责分离原则基础上,还给出了"业务-安全"均衡原则,并建立了相应授权决策规则.本文的研究成果有助于摈弃"安全或不安全"的二元制授权决策规则,建立适应业务灵活性和互操作性发展的柔性授权决策方法.Facing to the complex application systems, an access control model based on the risk analysis is proposed. The directed connection between the business objectives and the access control strategies is established in the model according to the concept of risk, with business process operational performance indicators as a basis on the risk measurement and the risk calculation as the constraint equation of the access control authorization decision. At the same time, besides the principle of least privilege and the principle of responsibility of separation, the principle of "business-security" equilibrium is also given, and the appropriate authorization decision rules are also established. The research results in the article aid to establish a flexible decision-making method to adapt the development of the business flexibility and interoperability, as well as get rid of the "safe or unsafe" dual authorization decision rule.

关 键 词:风险分析 访问控制 基于角色的访问控制 基于任务的访问控制 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象