基于Petri网的IRBAC 2000域间动态转换SMER约束违反检测  被引量：3

作　　者：刘猛[1,2] 王轩[1] 黄荷娇[1] 赵海楠[1] 张加佳[1] 

机构地区：[1]哈尔滨工业大学深圳研究生院计算机应用研究中心,广东深圳518055 [2]山东大学威海分校机电与信息工程学院,山东威海264209

出　　处：《计算机研究与发展》2012年第9期1991-1998,共8页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(11071271);中央高校基本科研业务费专项资金项目(HIT.NSRIF.2009)

摘　　要：Kapadia等人提出的IRBAC2000模型是在基于角色的访问控制(role-based access control,RBAC)模型基础上,通过角色互联和动态角色转换实现管理域间的互操作.职责分离是RBAC模型3个基本安全原则之一,而IRBAC2000模型没有考虑静态职责分离可能会造成域中静态互斥角色约束违反问题.在相关研究基础上分析了该问题,提出一种新颖的基于Petri网模型的分析方法,该方法相比以前文献中的方法简单、直观.给出了根据IRBAC2000模型构造对应Petri网的算法,基于该图形化模型可直观表示IRBAC2000模型,分析和给出了IRBAC2000违反静态互斥角色(static mutual exclusive roles,SMER)约束的充分必要条件和检测算法,通过一个实例分析验证了其有效性与正确性.为了在进行角色关联和用户/角色分配操作时不会违反SMER约束,也基于Petri网分析讨论了执行两种管理操作保证安全的先决条件,为IRBAC2000模型的安全性提供了安全保证机制.Kapadia et al. proposed the IRBAC （interoperable role-based access control） 2000 model, which can be used to accomplish security interoperation between two or more administrative domains via role association and dynamic role translation. Separation of duties （SOD） is one of three basic security principles supported by the RBAC （role-based access control） model. However, SSoD （static separation of duties） is not considered in the IRBAC 2000 model, so the problem of inter-domain static mutual exclusive roles constraints violation can arise while performing security interoperation between domains. This problem has been discussed in some literatures, but these researches are all from the perspective of mathematical logic and logical reasoning, which is abstract, complicated and not intuitive. On the basis of these researches, this paper introduces a novel method of analyzing the problem based on Petri net, which is very easy and visualized to be used to analyze the SMER （static mutual exclusive roles） constraints violation problem. A construction algorithm of Petri net is used to convert an IRBAC2000 model into a corresponding Petri net model, and the necessary and sufficient condition for SMER constraints violation of the IRBAC 2000 model in the Petri net model are proposed and proved. A detection model based on Petri net of violation of SMER constraints is also presented, and at last a case is used to illustrate the efficiency of the proposed model. To avoid SMER constraints violation while adding new role association or user/role assignment, the prerequisites to guarantee the security are also discussed, analyzed and detailed in this paper.

关 键 词：PETRI网 静态职责分离 静态互斥角色 动态角色转换 互操作 约束违反 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]