高级检索

    位置约束的访问控制模型及验证方法

    Location-Constrained Access Control Model and Verification Methods

    • 摘要: 随着物联网和信息物理融合系统等新一代信息技术的发展,位置约束的访问控制系统的安全性需求不仅体现在虚拟的信息空间,还体现在现实的物理空间.如何在这种新需求下制定位置约束的访问控制模型与验证方法成为保证访问控制系统安全的关键所在.首先提出位置约束访问控制模型,包括LCRBAC模型和EM模型,实现对信息空间和物理空间的静态结构以及两空间中实体动态行为的刻画;其次利用偶图和偶图反应系统建模位置约束访问控制模型,生成访问控制策略标注转移边的标号变迁系统;然后根据标号变迁系统验证结果,提出针对死锁状态、违反状态和不可达状态的策略修改方案;最后通过银行访问控制系统实例分析说明所提方法能够对信息空间和物理空间以及两空间交互行为的访问控制策略进行建模和验证.

       

      Abstract: With the advent of Internet of things and cyber-physical systems, location-constrained access control systems need to consider security requirements of cyber spaces and physical spaces simultaneously, because the boundary between the physical and the cyber world becomes unclear in these new paradigms. However, the most existing access control models consider physical and cyber security separately, and they are oblivious to cyber-physical interactions. Authorization models are needed to help the security policy design and express higher-level organizational security rules. Firstly, the environment model (EM) and location-constrained role-based access control (LCRBAC) model are proposed. The environment model is presented for describing the static topology configuration of cyber space and physical space. The LCRBAC model is used to describe dynamic behaviors of cyber entities and physical entities. Secondly, given the bigraphs and bigraphs reactive systems that describe the environment configuration and entities behaviors respectively, a labeled transition system is obtained by applying reaction rules to the environment configuration. Thirdly, policy modification proposals are proposed for deadlock states, violation states, and unreachable states based on the verification results on the labeled transition system. Finally, a case study concerned with a bank building automation access control system is conducted to evaluate the effectiveness of the proposed approach.

       

    /

    返回文章
    返回