Title: | 基于角色的访问控制模型在安全操作系统中的实现 |
Author: | 刘伟
|
Issued Date: | 2003
|
Major: | 计算机软件与理论
|
Degree Grantor: | 中国科学院软件研究所
|
Place of Degree Grantor: | 中国科学院软件研究所
|
Degree Level: | 博士
|
Keyword: | 基于角色的访问控制
; 安全操作系统
|
Alternative Title: | Implementation of Role-Based Access Control Model in Secure Operatinng System
|
Abstract: | 由于在满足企业级系统安全需求方面显示了极大的优势,基于角色的访问控制(RBAC)近年来成为访问控制领域的研究热点。研究人员已经提出若干基于角色的访问控制模型,其中包括著名的RBAC%模型族。然而,这些模型定义往往过于抽象或者是面向应用的解决方案,因此其框架很难被系统开发人员理解。本文对基于角色的访问控制的经典模型-RBAC%模型族中的肠AC3模型进行改进,提出一种新的基于角色的访问控制模型-OSRBAC模型。该模型比之RBAC3模型具有实用性、易于理解、易于实现等优点。我们在红旗安全操作系统(RFSOS)中实现了OSRBAC模型。红旗安全操作系统在国内首次采用基于通用访问控制框架的安全操作系统体系结构,将安全属性数据、安全决策和决策实施三者分离,可以灵活地支持多种访问控制机制。具体实现主要分为三部分:访问控制信息、访问控制执行模块和访问控制决策模块。本文给出了支持基于角色的访问控制安全机制的红旗安全操作系统核心的测试数据。实践证明,OSRBAC模型在红旗安全操作系统中的实现对系统性能的影响较小,同时也验证了模型的正确性。最后,我们比较了基于角色的访问控制模型在三个安全操作系统中实现的特性。这三个安全操作系统是:Trusted Solaris 8操作环境、SELinux和红旗安全操作系统。虽然三个系统都基本实现了基于角色的访问控制模型,但实现方法和细节还是有很大不同。通过分析和比较,我们可以看到红旗安全操作系统中的基于角色的访问控制模块比较完整地实现了基于角色的访问控制模型的定义和结构。 |
English Abstract: | Since Role-Based Access Control (RBAC) shows great advantage in meeting the security need in large-scale, enterprise-wide system, RBAC becomes the hot topic in access control research area. Researchers have proposed several RBAC models, which include the famous RBAC96 model. However, these frameworks were sometimes hard for system developers to understand because the models defined are too abstract or focus on application-oriented solutions. In this paper, a new model (OSRBAC model) is discussed, which is the improved model to RBAC3 model in RBAC96 model family. Compared with RBAC3 model, OSRBAC model is more concrete and easilier to understand. We also describe the implementation of OSRBAC model in Red Flag Secure Operating System (RFSOS). RFSOS was the first secure operating system that used the secure operating system architecture of generalized framework for access control in Mainland China, hi RFSOS, security attribute database, secision enforcement module and security decision module are separate from each other. This architecture flexibly supports multiple access control mechanisms. There are three parts in material implementation: access control information, access control enforcement facility and access control decision facility. Practical experience shows that the implementation of OSRBAC model in RFSOS has little inflence on system performance and also proves the validity of OSRBAC model. At the end, we analyzes and compares RBAC features supported in the most recent versions of three secure operating systems: Trusted Solaris 8 Operating Environment, Security-Enhanced Linux and RFSOS. Our finding is that these products provide a sound basis for implementing the basic features of RBAC, although there are significant differences. In particular, RFSOS is the only one to directly support the defmitations of RBAC model. |
Language: | 中文
|
Content Type: | 学位论文
|
URI: | http://ir.iscas.ac.cn/handle/311060/7354
|
Appears in Collections: | 中科院软件所
|
File Name/ File Size |
Content Type |
Version |
Access |
License |
|
LW011254.pdf(2302KB) | -- | -- | 限制开放 | -- | 联系获取全文 |
|
Recommended Citation: |
刘伟. 基于角色的访问控制模型在安全操作系统中的实现[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2003-01-01.
|
|
|