Journal on Communications, Vol.37, No.11, November 2016
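Dynamic and adaptive access control model
SHI Guo-zhen¹,², WANG Hao-jie³, CI Yun-fei¹, YE Si-shui⁴, GUO Yun-chuan⁵
(1. Department of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070;
2. School of Computer Science, Xidian University, Xi'an, Shaanxi 710071;
3. School of Telecommunications Engineering, Xidian University, Xi'an, Shaanxi 710071;
4. Dept. of House Technology, Ruiting Networking Technology (Shanghai) Co., Ltd., Shanghai 200127;
5. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)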
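Abstract: With the development of cloud computing, smart cities and mobile office work, and the emergence of
smart mobile devices, the network environment in which resources reside is becoming increasingly complex.
Traditional access control models can hardly meet the need for diversified access control conditions and for
dynamic, adaptive adjustment of access control policies. Building on the action-based access control model and
combining it with resource life cycle management, a dynamic and adaptive access control model is proposed. The
model is centered on the resource life cycle and takes full account of the relevance and dynamics between a
resource's life cycle stage and its access control policy, so that the access control policy of a resource changes
automatically as the stage of its life cycle changes. This improves the flexibility of access control and its
applicability in complex network environments. The model also adds a function for managing the history of user
access behavior: it considers a user's historical access behavior to further constrain the subject's access
capability, which improves the model's ability to adapt to open network environments. Finally, the model was
implemented and verified in a general access control system and a cloud access control system.
Key words: access control; action-based access control model; resource life cycle management; dynamic adaptation; user historical access behavior
CLC number: TP302 Document code: A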
Dynamic and adaptive access control model
SHI Guo-zhen¹,², WANG Hao-jie³, CI Yun-fei¹, YE Si-shui⁴, GUO Yun-chuan⁵
(1. School of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070, China;
2. School of Computer Science and Technology, Xidian University, Xi'an 710071, China;
3. School of Telecommunications Engineering, Xidian University, Xi'an 710071, China;
4. Dept. of House Technology, Ruiting Networking Technology (Shanghai) Co., Ltd., Shanghai 200127, China;
5. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Abstract: With the development of cloud computing technology, smart cities and mobile office, and the emergence of
mobile smart devices, the resources' environment is increasingly complex. The traditional access control model has
difficulty meeting diverse access control requirements and the need for dynamic and adaptive access control policy.
A dynamic and adaptive access control model was proposed that builds on the action-based access control (ABAC)
model and combines it with resource life cycle management. The model focuses on resource life cycle management,
considering the relevance between the resource life cycle and the access control policy. In this model, the policy
changes as the state of the resource life cycle changes, so applicability is improved. In addition, a user access
behavior history management function was added to the model, which lets it adapt to the environment better by
considering the history of user access behavior. Finally, the model was implemented and verified in a general
access control system and a cloud computing access control system.
Key words: access control, action-based access control model, resource life cycle, dynamic adaptation, user access behavior history
doi:10.11959/j.issn.1000-436x.2016220
Received: 2016-08-12; Revised: 2016-10-08
Corresponding author: GUO Yun-chuan, guoyunchuan@iie.ac.cn
Foundation Items: The National Key Research Program of China (No.2016YFB0800304), The Natural Science Foundation of Beijing (No.4152048), The Natural Science Foundation of Jiangsu Province (No.BK20150787)