
Security assurance for a resource-based RBAC/DAC/MAC security model.


Abstract

The day-to-day operations of corporations and government agencies rely on inter-operating software artifacts (e.g., legacy, commercial-off-the-shelf (COTS), government-off-the-shelf (GOTS), databases, servers, etc.) and client applications, which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). In such a distributed environment, the interactions occur via the application programmer interfaces (APIs) of the software artifacts, which are available for use by any and all client applications, without restriction. However, security administrators are interested in controlling access by client applications to the methods of these artifact APIs as defined within a security policy. Specifically, they are interested in controlling for a given user/client: who can invoke methods based on role and security clearance; which methods can be invoked based on role or clearance level; when the methods can be invoked based on any time limitations; and under which values (parameters) the methods can be invoked. This dissertation will present the findings of our research that proposes a unified role-based access control (RBAC), discretionary access control (DAC), and mandatory access control (MAC) security model and associated security enforcement framework that provides a level of security assurance. Specifically, we provide the means for security officers to concretely and precisely specify a security policy for a distributed application using a resource-based RBAC/DAC/MAC security model which will allow fine-grained control over the APIs of software artifacts. The RBAC/DAC/MAC security model capabilities and accompanying security assurance assertions can be utilized to control access to artifact APIs (methods) based on role, clearance and classification, time limits, and data value constraints.
In this dissertation, we report on the research results of this work, focusing on: a detailed discussion of our current unified RBAC/DAC/MAC model (core definitions and role delegation); an in-depth examination and proof of security assurance guarantees, checked at design time and run time, which provides for both safety (nothing bad can happen) and liveness (all good things can happen); a review of our accompanying security enforcement framework that utilizes our custom security resource that supports the RBAC/DAC/MAC model; and a review of our prototyping efforts on the enforcement framework and associated security administration and management tools. In addition, we report on related research and highlight the contributions of the research.
