Netinfo Security (信息网络安全) ›› 2019, Vol. 19 ›› Issue (12): 47-52. doi: 10.3969/j.issn.1671-1122.2019.12.006

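• Technical Research •

Research on Cascading Failure of Nodes in Distributed Access Control Model

Fangbo CAI, Jingsha HE, Nafei ZHU, Song HAN

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  • Received: 2019-06-17 Online: 2019-12-10 Published: 2020-05-11
  • About the authors:

    Fangbo CAI (b. 1990), female, from Liaoning, Ph.D. candidate; main research interests: computer and network security, network detection and analysis. Jingsha HE (b. 1961), male, from Shaanxi, professor, Ph.D.; main research interests: network security, testing and analysis, and cloud computing. Nafei ZHU (b. 1981), female, from Henan, associate professor, Ph.D.; main research interests: network security, privacy protection, and blockchain. Song HAN (b. 1994), male, from Shaanxi, master's student; main research interests: network security, access control.

  • Funding:
    National Natural Science Foundation of China [61602456]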

Abstract:

Access control is the means by which a system restricts a user's use of data resources according to the user's identity and the predefined policy group to which the user belongs. It is an important foundation of system confidentiality, integrity, availability and legitimate use, one of the key strategies for network security protection and resource protection, and the way a subject is granted different authorized access to an object or its resources according to certain control policies or permissions. With the widespread adoption of computer networks, new access modes keep emerging and have greatly affected and changed the way people work and live. Against the background of network security, and with the explosive growth of Internet users and data, the current approach of having a single central organization build the data management system faces more challenges. In a distributed access control model, the nodes participating in access are, through the mechanism by which access failures propagate, the root cause of the model becoming fragile or even losing its access control capability. Building on the theory of complex network cascading models, this paper proposes a security analysis method based on node cascading failure in the distributed access control model. Using the relevant attribute parameters of nodes during the execution of access control, the paper designs two failure modes, selective failure and random failure, for simulation experiments. The experimental data show the effect of the different failure modes on the effective node ratio in the access control model.

Key words: access control, access state, cascading failure, effective node ratio

CLC number: