Research on Access Control Security Models
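徐晨1, 朱润酥2, 吴振洲1, 纪添1, 李晨希1
Author information
- 1. Research Institute of Tsinghua University in Shenzhen, Shenzhen, Guangdong 518057
- 2. Longhua District Government Services and Data Management Bureau, Shenzhen, Guangdong 518100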
Abstract
[Purpose/Significance] Once humans came to own assets, a broad concept of access control emerged: guards, locks, and safes restrict outsiders' "access" to valuables. In modern information systems, organizations need to set access rights for employees, networks, computing resources, customers, partners, and cloud service providers. Access control is a fundamental security mechanism that exists in all systems, and it can be complex to establish and maintain appropriate access rights in a rapidly changing business environment. [Method/Process] This paper analyzes the development history, security policies, applicable scenarios, and related problems of the various access control models, summarizes their advantages and disadvantages, and, in light of current scenario requirements, discusses some possibilities for future access control models. [Results/Conclusion] A study of the development of access control security models shows that different models solve different problems. In a complex and changing environment, keeping access control security models flexible, compatible, and easy to use is a strong guarantee for organizations seeking to enhance their security capabilities and reduce risks to systems and resources.
Keywords
discretionary access control / mandatory access control / Clark-Wilson / Biba / role-based access control / identity vendor
Funding
Shenzhen-Hong Kong Joint Funding Project (SGDX20190917160803729)
Year of publication
2024