分布式访问控制模型中节点级联失效研究

doi:10.3969/j.issn.1671-1122.2019.12.006

摘要/Abstract

摘要：

访问控制是指系统对用户身份及其所属的预先定义的策略组限制其使用数据资源的手段。访问控制是系统保密性、完整性、可用性和合法使用性的重要基础,是网络安全防范和资源保护的关键策略之一,也是主体依据某些控制策略或权限对客体本身或其资源进行的不同授权访问。随着计算机网络广泛普及,新的访问模式层出不穷,极大影响和改变了人们工作和生活的方式。在网络安全的大背景下,面对互联网用户与数据的爆炸性增长,当前由单一中心组织构建数据管理系统的方式面临更多的挑战。在分布式访问控制模型中,参与访问的节点在访问故障传递机理中是使访问控制模型变得脆弱,甚至失去访问控制能力的根源。文章在复杂网络级联模型的理论基础上,提出一种基于分布式访问控制模型节点级联失效的安全性分析方法。文章利用节点在执行访问控制过程中的相关属性参数,设计选择性失效和随机失效两种失效方式进行模拟实验,通过实验数据展示不同失效方式对访问控制模型中有效节点比的影响。

关键词: 访问控制, 访问状态, 级联失效, 有效节点比

Abstract:

Access control refers to the means by which the system restricts the user's identity and the predefined policy group to use data resources. Access control is important foundation of system confidentiality, integrity, availability and legitimate use, is one of the key strategies of network security and resource protection, and is also the different authorization access of subject to object itself or its resources according to some control strategies or permissions. With the wide spread of computer networks, new access modes emerge in endlessly, which greatly affects and changes the way people work and live. Under the background of network security, with the explosive growth of Internet users and data, the current way of building data management system by a single center organization faces more challenges. In the distributed access control model, the nodes participating in the access are the sources of making the access control model vulnerable or even losing the access control ability in the access failure transfer mechanism. Based on the theory of complex network cascading model, this paper proposes a security analysis method based on node cascading failure of distributed access control model. This paper designs two kinds of failure modes, selective failure and random failure, to conduct simulation experiment by using the relevant attribute parameters of the nodes in the process of access control. The experimental data demonstrates the effect of different failure modes on the effective node ratio in the access control model.

Key words: access control, access state, cascading failure, effective node ratio

中图分类号:

TP309

蔡方博, 何泾沙, 朱娜斐, 韩松. 分布式访问控制模型中节点级联失效研究[J]. 信息网络安全, 2019, 19(12): 47-52.

Fangbo CAI, Jingsha HE, Nafei ZHU, Song HAN. Research on Cascading Failure of Nodes in Distributed Access Control Model[J]. Netinfo Security, 2019, 19(12): 47-52.

图/表 6

图1

图2

图3

图4

图5

图6

参考文献 15

[1]	PENG Hao, KAN Zhe, ZHAO Dandan, et al.Cascading Failure and Security Evaluation of Information Physics Systems under Deliberate Attack Strategy[J]. Journal of Zhengzhou University(Science and Technology Edition), 2019, 51(3): 13-21.
	彭浩,阚哲,赵丹丹,等.蓄意攻击策略下信息物理系统的级联失效及安全评估[J].郑州大学学报(理学版),2019,51(3):13-21.
[2]	MA Mingxin, SHI Guozhen, WANG Yaqiong, et al.Multi-level Security Access Control Strategy for Distributed Systems[J]. Journal of Network and Information Security, 2017, 3(8): 32-38.
	马铭鑫,史国振,王亚琼,等.适用于分布式系统的多级安全访问控制策略[J].网络与信息安全学报,2017,3(8):32-38.
[3]	SANDHU R, FERRAIOLO D, KUHN R.The NIST Model for Role-based Access Control: towards a Unified Standard[C]//ACM. The fifth ACM Workshop on Role-based Access Control, July 26-28, 2000 , Berlin, Germany. New York: ACM, 2000: 47-63.
[4]	SHI ke. A Two-way Access Control Model Based on Behavioral Trust [D]. Nanjing: Nanjing University of Posts and Telecommunications, 2018.
	史可. 一种基于行为信任的双向访问控制模型[D]. 南京:南京邮电大学,2018.
[5]	LI Chaoya.Research on Secure Communication and Access Control Mechanism in Internet of Things[D]. Xi’an: Xidian University, 2018.
	李超亚. 物联网环境下安全通信和访问控制机制的研究[D].西安:西安电子科技大学,2018.
[6]	HUANG Yehua.Network Security Situation Assessment Technology Based on Subsection Attack[J]. Journal of Shandong Agricultural University(Natural Science Edition), 2019(3): 489-491.
	黄晔华. 基于分段攻击的网络安全态势评估技术[J].山东农业大学学报(自然科学版),2019(3):489-491.
[7]	LEI Min, MO Shuangye.Vulnerability Analysis of Complex Power Network Based on Maximum Flow Algorithm[J]. Journal of Hunan University of Technology, 2019, 33(3): 55-61.
	雷敏,莫霜叶.基于最大流算法的复杂电力网络脆弱性分析[J].湖南工业大学学报,2019,33(3):55-61.
[8]	YANG Hongyu, NING Yuguang.A Dynamic Risk Access Control Model for Cloud Platform[J]. Journal of Xidian University, 2018, 45(5): 80-88.
	杨宏宇,宁宇光.一种云平台动态风险访问控制模型[J].西安电子科技大学学报,2018,45(5):80-88.
[9]	MA Xingchen, ZHU Jiantao, SHAO Jing, et al.A Decentralized Access Control Model Based on Attributes[J]. Computer Technology and Development, 2018, 28(9): 118-122.
	马星晨,朱建涛,邵婧,等.一种基于属性的去中心化访问控制模型[J].计算机技术与发展,2018,28(9):118-122.
[10]	YANG Hongyu, NING Yuguang.Weight Allocation Method of Cloud Platform Access Control Adaptive Risk Assessment Index[J]. Computer Application, 2018, 38(6): 1614-1619.
	杨宏宇,宁宇光.云平台访问控制自适应风险评估指标权重分配方法[J].计算机应用,2018,38(6):1614-1619.
[11]	YAN Li, LI Ming, ZHANG Cheng, et al.Network Security Analysis and Monitoring Platform Security Protection Key Technology[J]. Software Guide, 2019(6): 196-199.
	严莉,李明,张丞,等.网络安全分析与监控平台安全防护关键技术[J]. 软件导刊,2019(6):196-199.
[12]	WANG Qiong, HE Xinhua, ZHAO Yingkun, et al.Load Balancing Algorithm Based on Load Prediction of Access Characteristics[J]. Journal of Academy of Armored Force Engineering, 2009, 23(5): 68-71.
	王琼,何新华,赵颖坤,等.基于访问特征负载预测的负载均衡算法[J].装甲兵工程学院学报,2009,23(5):68-71.
[13]	GE Jun, MENG Gan, ZHOU Dongqing, et al.Construction of Network Situation Assessment Model for Smart Grid[J]. Automation & Instrumentation, 2019(4): 113-117.
	葛军,孟干,周冬青,等.面向智能电网的网络态势评估模型构建[J].自动化与仪器仪表,2019(4):113-117.
[14]	ZHANG Kun, LI Peipei, ZHU Baoping, et al.Evaluation Method of Node Importance of Directed Weighted Complex Network Based on PageRank[J]. Journal of Nanjing University of Aeronautics and Astronautics, 2013, 45(3): 429-434.
	张琨,李配配,朱保平,等.基于PageRank的有向加权复杂网络节点重要性评估方法[J].南京航空航天大学学报,2013,45(3):429-434.
[15]	WANG Yu, GUO Jinli.A Directed Weighted Network Node Importance Assessment Method Based on Multiple Influence Matrix[J]. Acta Physica Sinica, 2017, 66(5): 19-30.
	王雨,郭进利.基于多重影响力矩阵的有向加权网络节点重要性评估方法[J].物理学报,2017,66(5):19-30.