基于场景感知的访问控制模型  

作　　者：单棣斌[1] 杜学绘[1] 王文娟[1] 王娜[1] 刘敖迪 SHAN Dibin;DU Xuehui;WANG Wenjuan;WANG Na;LIU Aodi(Information Engineering University,Zhengzhou 450001,China)

机构地区：[1]信息工程大学,河南郑州450001

出　　处：《网络与信息安全学报》2024年第1期58-78,共21页Chinese Journal of Network and Information Security

基　　金：国家自然科学基金(62102449);国家重点研发计划(2018YFB0803603,2016YFB0501904);河南省重点研发与推广专项(222102210069)。

摘　　要：动态访问控制模型是构建大数据动态访问控制系统的理论基础,而现有访问控制模型大多只能满足单一情景下的动态访问控制,无法适应大数据上下文环境变化、实体关系变更和客体状态变迁等多类型动态情景中的访问控制。针对上述问题,在现有访问控制模型的研究的基础上,对大数据动态因素进行分析,提出基于场景感知的访问控制(SAAC,scenario-aware access control)模型。将各类型动态因素转换为属性、关系等基本元素;并引入场景信息对各类组成元素进行统一建模;基于场景信息构建大数据动态访问控制模型,以实现对多类型动态因素、扩展动态因素的支持。设计SAAC模型的工作框架,并提出框架工作流程对应的基于场景感知的访问控制模型规则学习算法和SAAC规则执行算法,以实现访问控制规则自动学习和动态访问控制决策。通过引入非传递无干扰理论,分析并验证了对所提模型的安全性。为验证所提模型访问控制策略挖掘方法的有效性,将SAAC模型与ABAC-L、PBAC-X、DTRM和FB-CAAC等基线模型在4个数据集上进行了实验对比。实验结果表明,SAAC模型及其策略挖掘方法的ROC曲线的线下面积、单调性和陡峭度等指标的结果均优于基线模型,验证了所提模型能够支持多类型动态因素和动态因素扩展,其挖掘算法所得的访问控制规则的综合质量相对较高。Dynamic access control model is the theoretical basis for constructing a dynamic access control system for big data.However,most existing access control models can only fulfill dynamic access control in a single scenario and are unable to adapt to access control in multiple types of dynamic scenarios.These scenarios include changes in the contextual environment of big data,changes in entity relationships,and changes in the state of objects.To address these issues,an analysis was conducted based on the research of existing access control models and the dynamic factors of big data.Subsequently,scenario-aware access control(SAAC)model was proposed,which was based on dynamic factor conversion and scenario unified modeling.All types of dynamic factors were converted into basic elements such as attributes and relationships.Then,scene information was incorporated to model the various types of constituent elements in a unified manner.A big data dynamic access control model was constructed based on scene information to support multi-type dynamic factors and extended dynamic factors.The working framework of the SAAC model was designed,and the SAAC rule learning algorithm and SAAC rule execution algorithm were proposed corresponding to the workflow of the framework.This enabled the automatic learning of access control rules and dynamic access control decision-making.The security of the proposed model was analyzed and verified by introducing the non-transitive non-interference theory.To validate the effectiveness of the access control policy mining method of the proposed model,experimental comparisons were conducted between the SAAC model and baseline models such as ABAC-L,PBAC-X,DTRM,and FB-CAAC using four datasets.The experimental results demonstrate that the SAAC model and its strategy mining method outperforms the baseline models in terms of metrics such as area under the curve AUC,monotonicity,and steepness of the ROC curve.This verification confirms that the proposed model can support multiple types of dynamic factors

关 键 词：大数据 访问控制 动态因素 场景 无干扰理论 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]