跨信任域多级安全访问控制技术研究

上海交通大学硕士学位论文跨信任域多级安全访问控制技术研究姓名：李卓凡申请学位级别：硕士专业：通信与信息系统指导教师：杨树堂20060101iAgentPKI5iiAgent3.6iiiRESEARCHONTECHNOLOGYOFCROSS-TRUST-DOMAINMULTI-LEVELSECURITYACCESSCONTROLABSTRACTWiththefastdevelopmentofinternettechnology,ithelpspeopletoobtainunlimitedknowledgeandresourcesconveniently.Manytypesofservices,suchase-commerceande-government,haveshiftedtheirdevelopmenttothiselectronicworld.Withthisevolution,informationsecurityproblems,forexample,virusandhackerattack,comeforthcontinually.Thesemattersletpeoplesensetheimportanceoftheinformationsecurity.Forprotectingthesecurityofinformationsystem,manykindsofinformationsecuritytechnologieshavecometopeople’sattention.Accesscontrolwhichisamethodofprotectingsystemsecurityistheresearchhotspotatalltimes.Thepurposeofthisdissertationistosolvethemattersoftheapplicationinaccesscontrolofcross-trust-domainenvironment.Baseontheresearchofmanykindsofaccesscontroltechnologyandtraditionalaccesscontrolmodels,thisarticleprovidesanddesignsaivtrust-level-basedcross-trust-domainaccesscontrolmodel.Thismodelperformsaccesscontrolthroughthreetasks:authentication,leveloftrustdistributionandaccesscontroljudgement.Aimatcross-trust-domainapplicationenvironment,themodelimplementsdigitalcertificateandsinglesignonforthecoreauthenticationtechnologytosolvethesecurityproblemsofcross-trust-domainauthenticationandtrusttransformation.Toenhancetheefficiencyofcertificatepathbuilding,thisdissertationalsogivesoutameanstoassistthePKIusertobuildthecertificationpathbyusinganagent.Ithasbeenprovedbyanalysisthatunderthecircumstancesofonlyonehopbetweeneachnodeincommunicationnetworkandwith5nodesinhybridtrustmodel,thismethodwillimprovetheefficiencyto3.6timesthanthatofthetraditionalmethod.Moreover,forthepurposeofmulti-leveltrust,themodelwillassignatrust-levellabel,whichisestimatedthroughsubjectinfoandtrustofactionestimationofthesubject,foreverysubject.Additionally,focusingonthesecuritymattersofthepracticaluseandtheconflictofinterest,themodelprovidesaseriesofsecuritypoliciestopreservetheconfidentialityandintegrityoftheobjects.Furthermore,Ialsoanalysesanddiscussesthemethodofthecreationoftheobjectandthemodificationoftherightsofobject.vAttheendofthisdissertation,Iapplythemodeltoenterpriseapplicationandremoteeducationalexperimentplatform.Ithasbeenprovedbyanalysisthatthismodelisfeasibleanduseable.Thecross-trust-domainmulti-levelsecurityaccesscontrolmodeldescribedinthisdissertationisfeasibleandextensible.Itisadaptingtotheuseine-commerce,e-government,enterpriseapplicationandremoteeducation,etc.Thismodelhasextensiveapplicationperspective.Itcanapplytodistributed,cross-trust-domainandopenenvironment.Italsoprovidesstableandhighsecuritymulti-levelsecurityaccesscontrolmechanismandcontributestothedevelopmentoftheinternetservice.Keywords:Multi-levelSecurityAccessControl,Cross-trust-domain,Certificate,PKI200611722006117200611711.1InternetIntranetAccessControlSubjectObjectWeb21.21.2.11973DavidBellLenLaPadula—Bell-LaPadula1989D.BrewerM.Nash1992D.FerraioloR.KuhnRole-BasedAccessControlRBACRBAC1996R.SandhuIEEEComputerRole-BasedAccessControlModels[1]RBAC96RBAC1997SandhuARBAC97[2]RBACRBAC96RBACRBACRBACPublicKeyInfrastructurePKI[26,33]PKIPKI—PrivilegeManagementInfrastructurePMI—PMIPKIPKIPMI31.2.2RBACRBAC96RBACNRBAC[3]WRBAC[4]RBAC97RBMHAC[5]NRBACRBACTPB-2-KLPWRBACRBAC96RBAC97RBMHACRBAC[6-10]C/SB/SWebRBACRBACPMIPKI/PMI20027PKI/PMIWG4PMIPMI[11]PMIRBACPMI[12]PMIPMI41.3Agent52.11authentication2authorization2.1.1VPNPMIPKIPMI1SomethingtheuserknowsPIN2SomethingtheuserpossessesATM3Somethingtheuseris6PC2.1.2KerberosPKIPMIPKIPKIPMIPKIPMI2.2SubjectEntitysUseruObjecto7DiscretionaryAccessControlDACMandatoryAccessControlMACRole-BasedAccessControlRBACTask-basedAccessControlTBACObject-basedAccessControlOBAC2.2.1DAC2.2.1.1[13,14]DAC123(WindowsNTServer,UNIX)82.2.1.2s,o,PsoPP(si,oj)sioj2.2.1.3DACDAC(1)(2)(3)(4)92.2.1.4AoBoBo2.2.2MAC2.2.2.1[13,14]DACMACMACread-downwrite-upMAC2.2.2.2MACMACMAC10MAC2.2.2.3MACMACMAC2.2.3RBAC2.2.3.1RBAC[1,2,3,14]RBACDACDACMACRBACRBACRole112.2.3.2RBACRBACRBAC12RBAC2.2.3.3NISTRBAC[15]RBACRBACCoreRBACRBACHierarchicalRBACStaticSeparationofDutyRelationsSSDDynamicSeparationofDutyRelationsDSD1RBACRBACRBACRBACRBACRBACRBAC2-1RBACusers(USERS)roles(ROLES)objects(OBS)operations(OPS)permissions(PRMS)RBACRBAC(SESSIONs)12session_rolesuser_sessionssessionPRMSROLESUSERSSESSIONSOPSOBS(PA)PermissionAssignment(UA)UserAssignmentsession_rolesuser_sessoins2-1RBACFigure2-1CoreRBAC2RBACRBAC2-2R2R1R1R23RBACSSD2-313PRMSROLESUSERSSESSIONSOPSOBS(PA)PermissionAssignment(UA)UserAssignmentsession_rolesuser_sessoins(RH)RoleHierarchy2-2RBACFigure2-2HierarchicalRBACPRMSROLESUSERSSESSIONSOPSOBS(PA)PermissionAssignment(UA)UserAssignmentsession_rolesuser_sessoins(RH)RoleHierarchySSD2-3RBACFigure2-3SSDinHierarchicalRBAC4(WeakExclusion)2-414PRMSROLESUSERSSESSIONSOPSOBS(PA)PermissionAssignment(UA)UserAssignmentsession_rolesuser_sessoinsDSD2-4Figure2-4DynamicSeparationofDutyRelations2.2.3.4RBACRBACRBACRBACRBAC2.3[14]2.3.1AccessControlMatrixACM2-1a[s,o]15so2-1xyzaRWOwnRWOwnbRWOwncRRWd