National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)
Author: 楊育文 (Yuh-wen Yang)
Title: 應用質因式乘積之角色導向存取控制 (Role-Based Access Control with Prime Product)
Advisor: 伍麗樵 (Lih-Chyau Wuu)
Degree: Master
Institution: 國立雲林科技大學 (National Yunlin University of Science and Technology)
Department: 電子工程與資訊工程技術研究所 (Graduate School of Electronic and Information Engineering)
Discipline: Engineering
Field: Electrical and Information Engineering
Document type: Academic thesis
Year of publication: 2000
Academic year of graduation (ROC calendar): 88
Language: Chinese
Pages: 56
Keywords (Chinese): 存取控制, 憑證, 質數積
Keywords (English): Access Control, Role-Based Access Control, Capability, Prime product
This thesis proposes an access control mechanism that realizes Role-Based Access Control, called SACPF (Secure Access Control with Prime Factorization). In the SACPF architecture the role inheritance relation is implied in the Role Information carried on the capability. The role information is the product of a set of primes, so by prime factorization the role inheritance relation, and hence the permissions that role holds, can be derived.
SACPF is a distributed system architecture consisting of a single Role Manager and several Object Managers distributed across the system. Before a user submits an object access request to an Object Manager, the user must first obtain a capability from the Role Manager. The capability carries the information of the roles corresponding to that user; the system authenticates the user and makes the access control decision according to the information on the capability.
The SACPF mechanism provides effective and convenient security management, including role inheritance, role authorization, access object authorization, and dynamic addition and deletion of users, roles and objects in the system. With modest modifications, SACPF can further satisfy the special security requirements of certain systems, such as private role permissions, limits on the number of object accesses, and joint control of object access by multiple roles.
In this thesis we propose an access control scheme to implement Role-Based Access Control, named SACPF (Secure Access Control with Prime Factorization). In the SACPF structure, role inheritance is implied in the Role Information on the capability, and the Role Information is a product of primes. By prime factorization of the Role Information, one can deduce the role inheritance and the permissions of the role.
SACPF is a distributed approach, which includes one Role Manager and several Object Managers. Before making an object access request to an Object Manager, the user has to obtain a capability from the Role Manager. The Role Information is carried on the capability, and the system authenticates the user and makes the access control decision according to the capability held by the user.
The SACPF scheme provides effective and efficient security management that includes role inheritance, role authorization, access object authorization, and user/role/object addition and deletion. By modifying SACPF, several special security requirements can be satisfied, such as private role attributes, a limited number of object accesses, and multiple roles concurrently controlling object access.
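As an added, constructed illustration (not code from the thesis), the following Python sketches the capability check the abstract describes: roles mapped to distinct primes, Role Information as their product, and divisibility as the Object Manager's test, including the multi-role joint check. The role names, primes, hierarchy and Role-Permission Table are assumptions for the example.

```python
from math import prod

# Constructed example of the SACPF idea: each role gets a distinct prime; a senior
# role inherits the permissions of the junior roles below it. The Role Manager puts
# on the capability a Role Information value equal to the product of the primes of
# every role the holder effectively has, so an Object Manager only needs
# divisibility tests. Role names, primes and hierarchy are assumed, not the thesis's.

ROLE_PRIME = {"employee": 2, "engineer": 3, "manager": 5, "director": 7}
INHERITS = {"engineer": ["employee"], "manager": ["employee"],
            "director": ["manager", "engineer"]}  # senior role -> junior roles


def effective_roles(role):
    """Transitive closure of inheritance: `role` plus every role junior to it."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(INHERITS.get(r, []))
    return seen


def role_information(assigned_roles):
    """Role Manager side: product of the primes of all effective roles."""
    roles = set().union(*(effective_roles(r) for r in assigned_roles))
    return prod(ROLE_PRIME[r] for r in roles)


def roles_from_information(role_info):
    """Recover the effective role set by factoring against the known role primes."""
    return {r for r, p in ROLE_PRIME.items() if role_info % p == 0}


# Object Manager's Role-Permission Table (constructed): object -> permission -> roles
ROLE_PERMISSION = {"budget": {"read": ["manager"], "write": ["director"]}}


def access_allowed(role_info, obj, permission):
    """Grant if the prime of any role allowed for (obj, permission) divides role_info."""
    return any(role_info % ROLE_PRIME[r] == 0 for r in ROLE_PERMISSION[obj][permission])


def joint_access_allowed(role_info, required_roles):
    """Multi-role concurrent control: every required role's prime must divide role_info."""
    return role_info % prod(ROLE_PRIME[r] for r in required_roles) == 0
```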
Chapter 1 Introduction (p. 1)
1.1 Research motivation (p. 2)
1.2 Related work (p. 5)
1.2.1 Role-Based Access Control architectures (p. 5)
1.2.2 Role-Based Access Control implementation mechanisms (p. 7)
1.3 Characteristics of the SACPF secure access control mechanism (p. 9)
1.4 Thesis organization (p. 11)
Chapter 2 SACPF system architecture (p. 12)
2.1 Components of the SACPF system architecture (p. 12)
2.2 Role Manager (p. 13)
2.2.1 Representation of roles (p. 13)
2.2.2 User-Role Table (p. 14)
2.2.3 Capability format (p. 16)
2.2.4 User authentication and capability acquisition (p. 18)
2.3 Object Manager (p. 19)
2.3.1 Role-Permission Table (p. 20)
2.3.2 Revocation List (p. 22)
2.3.3 Object access control flow (p. 23)
Chapter 3 SACPF system operation (p. 26)
3.1 Adding a role (p. 26)
3.1.1 User-Role Table (p. 26)
3.1.2 Role-Permission Table (p. 29)
3.2 Deleting a role (p. 30)
3.2.1 User-Role Table (p. 30)
3.2.2 Revocation List (p. 31)
3.2.3 Role-Permission Table (p. 31)
3.3 Adding a user (p. 32)
3.4 Deleting a user (p. 32)
3.4.1 User-Role Table (p. 33)
3.4.2 Revocation List (p. 34)
3.5 Adding an object (p. 34)
3.6 Deleting an object (p. 36)
3.7 Comparison of SACPF with the Access Control Matrix (p. 37)
3.7.1 Changes of system policy (p. 37)
3.7.2 Adding an object (p. 39)
Chapter 4 Special security policies (p. 41)
4.1 Private role permissions (p. 41)
4.2 Limiting the number of object accesses (p. 45)
4.2.1 Changes to the capability format and the Role-Permission List (p. 45)
4.2.2 Access control flow with access-count limits (p. 46)
4.3 Object access controlled jointly by multiple roles (p. 48)
4.3.1 Multiple roles controlling object access concurrently (p. 48)
4.3.2 Multiple roles controlling object access in sequence (p. 50)
Chapter 5 Conclusion (p. 54)
Chapter 6 References (p. 56)