可抵御内部威胁的角色动态调整算法  被引量：2

作　　者：潘恒[1] 李景峰[2] 马君虎 PAN Heng;LI Jing-feng;MA Jun-hu(Research Institute of Advanced Information Technology,Zhongyuan University of Technology,Zhengzhou 450007,China;PLA Information Engineering University,Zhengzhou 450001,China;PLA Air Force 93010 Unit,Shenyang 110016,China)

机构地区：[1]中原工学院前沿信息技术研究院,郑州450007 [2]战略支援部队信息工程大学,郑州450001 [3]空军93010部队,沈阳110016

出　　处：《计算机科学》2020年第5期313-318,共6页Computer Science

基　　金：河南省高等学校重点基础研究计划项目(19A520047);中原工学院自主创新应用研究项目(K2018YY017)。

摘　　要：业务流程、信息基础设施等的变化会造成当前角色定义出现偏差,使得组织易遭受内部威胁。基于定时、合理改变组织内部角色集合的防御思路,提出了一种角色动态调整算法(Role Dynamic Ajusting,RDA)。该算法定义了带有调整参数的目标函数,以平衡考虑用户权限实际使用数据以及系统管理员专家知识;基于启发式搜索策略和子集结对操作得到一组候选角色;使用启发式函数计算角色分值,按照角色分值的高低对候选角色集进行删选,得到符合角色质量要求的调整角色集;以降低角色冗余度为目标,使用调整角色集为系统用户重新分配角色,得到新的系统角色配置。基于某医院管理系统日志的实验结果表明,RDA算法可有效调节目标组织系统的角色集,为抵御内部威胁打下良好基础。Due to derivations in current role definition from the changes of the bossiness process and information infrastructure,organizations are vulnerable to internal threat.A role dynamic adjustment algorithm is proposed based on the defensive idea of changing the set of roles within the organization regularly and reasonably.The algorithm defines an objective function with adjusting parameters to balance the two elements,which are the user privilege actual use data and the system administrator expert knowledge.Based on heuristic search strategy and sub-set pairing technique,a group of candidate roles are obtained.From these roles,a set of adjusting roles which can achieve a predefined score are obtained,by using a certain heuristic function.Finally,in order to reduce role redundancy,the users of the organization are reassign the roles from the adjusting roles,so getting a new Role-Based Access Control(RBAC)configuration.By using the audit logs from a hospital management system,the performance of the RDA is analyzed.The experimental results show that the proposed algorithm can efficiently adjust the RBAC configuration for the special organization,so it can provide concrete base for resisting the insider threats.

关 键 词：内部威胁 基于角色的访问控制 启发式搜索策略 一类支持向量机 动态调整 

分 类 号：TP191[自动化与计算机技术—控制理论与控制工程]