CN102081712A - Role dynamic transition method supporting difference measurement - Google Patents

Role dynamic transition method supporting difference measurement

Info

Publication number
CN102081712A
Authority
CN
China
Prior art keywords
role
authentication
powers
user
functions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100084075A
Other languages
Chinese (zh)
Other versions
CN102081712B (en)
Inventor
廖湘科
李姗姗
李文博
何连跃
吴庆波
陈松政
魏立峰
王蕾
彭绍亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by National University of Defense Technology
Priority to CN201110008407A
Publication of CN102081712A
Application granted
Publication of CN102081712B
Legal status: Expired - Fee Related
Anticipated expiration

Abstract

The invention discloses a role dynamic transition method supporting difference measurement, which reduces the risk of role transition without increasing the user's load or reducing application flexibility. The technical scheme comprises the following steps: designing an authentication-trustworthiness-based pluggable authentication module (AT-PAM) using the idea of authentication confidence reasoning; having AT-PAM derive the user's confidence according to the user's login method; measuring the role difference degree with the analytic hierarchy process (AHP); and comparing the role difference degree with the role transition threshold under the current user confidence to decide whether the role transition may be performed. With this method, control over the application is kept while application flexibility is improved, the problems caused by authentication and access control being independent of each other are solved, and the security of the system is guaranteed while its flexibility is kept.

Description

A role dynamic transition method supporting difference measurement
Technical field
The present invention relates to a method for dynamic role transition in an operating system, in particular for operating systems with a large number of roles and complex applications.
Background technology
Access control is an important class of technology in the field of information security. Its function is to authenticate the subjects (users or processes) that request access and to restrict, to a legal scope, the rights with which a subject uses the computer system to access objects (files or system resources). Studies show that 80% of attacks and intrusions originate inside the organization, from illegal use and unauthorized access by legitimate users. Access control can stop such internal damage to the greatest extent: through the control of the authorization system it guarantees that a user obtains only the minimum authority needed to access resources, avoiding unauthorized access. With the development and spread of Internet technology, the importance of access control is increasingly recognized. Combined with other information security technologies, such as passwords, identification, auditing, network isolation, access proxies and anti-virus, it aims to build information systems that support multiple security services and have strong security mechanisms.
Many access control models have been proposed for different security policies, such as discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). A purely discretionary or mandatory policy has a large administrative workload and is not easy to manage, whereas RBAC has advantages such as security, strong flexibility and closeness to the real world; it attracted wide attention as soon as it was proposed, has been applied extensively in many fields, and its development is now relatively mature.
Following the principle of least privilege, in existing RBAC-based operating systems, for most applications in the system, a user is initially bound to a least-privilege role no matter which kind of authentication was passed. The role's authority determines the user's authority, and when the user needs to perform some restricted operation, the user must log in again regardless of whether authentication was already performed. Repeated logins increase the user's workload and reduce application flexibility.
Dynamic role transition is a good way to address this problem, but it changes the original role transition mode and brings a series of new problems. Depending on whether the user perceives the transition, role transition can be divided into explicit and implicit transition, and each has its own difficulties. Explicit transition requires providing the user with a role selection interface, which cannot be popped up for remote-access users. In implicit transition, if a new process is created, the interrupted original process's state is difficult to restore, and there is currently no suitable method for local dynamic role transition inside an operating system.
In current secure operating systems, with rising computer speed and the spread of networked parallel computing, more and more old authentication mechanisms have become weak and fragile; at the same time, for ease of user management, the authentication process of an application program sometimes needs to be changed, and the authentication mechanism of a traditional application program is very inconvenient for this. Pluggable Authentication Modules (PAM), announced in Unified Login With Pluggable Authentication Modules (V. Samar, R. Schemers, http://www.opengroup.org/tech/rfc/mirror-rfc/rfc86.0.txt, October 1995), solve this problem. PAM consists mainly of three parts: the PAM engine (the PAM library in /lib, containing the PAM API and PAM SPI), authentication modules, and configuration files. If an application uses PAM, then when it needs to authenticate a user it loads the configuration file named after the application and reads the authentication modules specified there. The /etc/pam.d directory stores the configuration files of all PAM applications; each application (more precisely, each service) has its own configuration file. A configuration file consists of rules, and each rule has four fields: module type (specifies the PAM module type; the four existing types are auth, account, session and password), control flag (specifies the action PAM should take on the module's result; the four possible values are required, requisite, optional and sufficient), module path (the absolute path of the PAM module), and arguments (flags or options of the module).
An application simply hands the authentication process over to PAM; PAM authenticates the user and returns the result to the application, and the application does not need to know how PAM authenticated the user.
A user who passes the system's authentication mechanism is simply considered a "trusted" user. However, an attacker may obtain a user's credentials by fraud through a number of channels, or bypass the authentication module to log into the system, yet such an attacker is obviously not a "trusted" user. Trust is therefore not an absolute notion; it reflects experience, and besides concrete content it should also be divided into degrees.
To address the problem of how to express a user's passing of authentication mechanisms of different strengths, the National University of Defense Technology proposed an authentication confidence inference model, which borrows the idea of uncertain reasoning from expert systems and uses confidence levels to measure these uncertain factors.
Definition 1. Confidence denotes the subjective degree to which a thing or phenomenon x is believed in a system, written t(x), with t(x) ∈ [0, 1]; t(x) = 0 means completely untrustworthy and t(x) = 1 completely trustworthy.
Definition 2. Authentication confidence denotes the confidence the authentication system obtains after authenticating user u, written t_au(u), with t_au(u) ∈ [0, 1]. Let E be the precondition of conclusion H, namely that the user passes the authentication mechanism; then
$$t_{au}(u) = p(H \mid E)$$
and the precondition is independent with respect to the conclusion H (user trustworthy) and ¬H (user untrustworthy).
Definition 3. The confidence enhancement factor denotes the relative degree by which the user's confidence is strengthened when the precondition of an authentication mechanism is satisfied, written TEF(H, E), where E is the authentication mechanism the user satisfies and H the conclusion that the user is trustworthy:
$$TEF(H,E) = \begin{cases} \dfrac{p(H \mid E) - p(H)}{1 - p(H)} & p(H) < 1 \\[4pt] 0 & p(H) = 1 \end{cases} \qquad (1)$$
p(H) denotes the user's initial confidence, that is, the confidence when the user has not been authenticated by any mechanism. The derivation formula for the user's confidence under authentication mechanism E is:
$$p(H \mid E) = TEF(H,E) + \bigl(1 - TEF(H,E)\bigr)\,p(H) \qquad (2)$$
On the basis that the authentication mechanism itself is trustworthy, the degree by which confidence increases when system authentication succeeds is equivalent to the degree by which authentication confidence weakens when authentication fails, so only the case in which the precondition is satisfied and confidence increases needs to be considered. For different authentication mechanisms there are two derivation methods, single-mechanism and multi-mechanism. Single-mechanism means the user passes the authentication of only one mechanism; multi-mechanism means the user passes two or more mechanisms.
The single-mechanism derivation formula is obtained from (2), where E_1 denotes one authentication mechanism and p(H|E_1) the user's confidence after passing E_1; p(H) and TEF(H, E_1) are a priori values determined by the system administrator:
$$p(H \mid E_1) = TEF(H,E_1) + \bigl(1 - TEF(H,E_1)\bigr)\,p(H) \qquad (3)$$
The multi-mechanism rule is derived on the basis of single authentication, where E_1 E_2 ... E_s denote s different authentication mechanisms and p(H|E_1 E_2 ... E_s) the user's confidence after passing mechanisms E_1 E_2 ... E_s:
$$p(H \mid E_1 E_2 \dots E_s) = \frac{p(H \mid E_1) \cdots p(H \mid E_s)\, p(\neg H)^{n-1}}{p(\neg H \mid E_1) \cdots p(\neg H \mid E_s)\, p(H)^{n-1} + p(H \mid E_1) \cdots p(H \mid E_s)\, p(\neg H)^{n-1}} \qquad (4)$$
If user authentication information is associated with role transition, system security can be guaranteed while application flexibility is increased, but no published literature has yet addressed this.
Summary of the invention
The technical problem solved by the present invention is the following: the explicit role transition mode increases the user's burden and reduces application flexibility, while implicit role transition completes the transition without the user's perception but may give illegal users an opportunity and cause loss of control over system privileges. The invention provides a role dynamic transition method supporting difference measurement, which reduces the risk of role transition without increasing the user's burden or reducing application flexibility.
The operating system divides all privileged operations into capabilities, each representing one kind of privilege. Suppose the system has n capabilities, denoted C_0, C_1, ..., C_n; then the complete set of capabilities is Σ = {C_0, C_1, ..., C_n}. Because different capabilities play different functions in the system and hold different status, capabilities are divided into different types according to their status in the system and given different weights.
The technical solution of the invention is: associate the user authentication confidence with role transition; on the basis of the PAM authentication framework, introduce the idea of authentication confidence reasoning to design AT-PAM and determine the authentication confidence. Assign different authentication confidence levels according to the login method the user adopts; obtain role weights by analyzing the difference in capabilities between roles and thereby the difference degree between roles; combine the user authentication confidence with the inter-role difference degree to define a transition threshold; and decide whether to allow the role transition by comparison with that threshold. The concrete steps are:
Step 1. Associate the user authentication confidence with role transition and, on the basis of the PAM authentication framework, design AT-PAM using the idea of authentication confidence reasoning, as follows:
1.1 Modify the PAM configuration file: according to the number s of kinds of authentication mechanism, add s lines at the end of the configuration file, where TEF(H, E_r) (1 ≤ r ≤ s) is the confidence enhancement factor, expressing the degree by which the user's confidence increases after passing authentication mechanism E_r.
1.2 Keep the original PAM structure unchanged and add an authentication confidence derivation module to the PAM engine; this module performs the derivation of the authentication confidence.
Step 2. AT-PAM derives the user's authentication confidence according to the user's login method. During user login, AT-PAM reads the configuration file. For a single authentication mechanism it obtains the mechanism name E_1, the confidence enhancement factor TEF(H, E_1) and the user's initial confidence p(H); the derivation module substitutes TEF(H, E_1) and p(H) into formula (3) and obtains the user's authentication confidence p(H|E_1) after passing mechanism E_1. For multiple mechanisms, after reading the configuration file it obtains the mechanism names E_1 E_2 ... E_s, the confidence enhancement factors TEF(H, E_1), TEF(H, E_2), ..., TEF(H, E_s) and the user's initial confidence p(H), substitutes them into formula (4), and obtains the authentication confidence p(H|E_1 E_2 ... E_s) of the user after passing these mechanisms. After authentication succeeds, the authentication confidence p(H|E_1) or p(H|E_1 E_2 ... E_s) is written into the login user's shell process: a confidence flag field is added to the process's task_struct structure; it is a floating-point value, and the larger it is, the more trustworthy the user identity. This produces the user's set of authentication confidences {t_au1(U), t_au2(U), ..., t_aui(U)}, where t_aui(U) denotes the authentication confidence of user U after passing authentication mechanism au_i.
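The derivation that step 2 performs, formulas (1) to (4) carried through in code, as an added example (not the patent's or AT-PAM's own code). It uses the figures the CentOS 5.4 embodiment later on this page gives (enhancement factors 0.2, 0.4 and 0.6, initial confidence p(H) = 0.5), reads the exponent n in formula (4) as s, the number of mechanisms passed, and the mechanism names and the dictionary form of the configuration are constructed stand-ins for the s lines AT-PAM appends to the PAM configuration file.

```python
"""Authentication confidence derivation, formulas (1)-(4) of the patent.

Added example, not code from the patent or from AT-PAM. The exponent n in
formula (4) is read as s (number of mechanisms passed); the values are the
CentOS 5.4 figures from the embodiment: TEF = 0.2 (password), 0.4 (USB
key), 0.6 (fingerprint), p(H) = 0.5. Mechanism names are constructed.
"""
from math import prod

# Constructed stand-in for the s lines AT-PAM appends to the PAM config file:
# mechanism name -> confidence enhancement factor TEF(H, E_r).
AT_PAM_CONFIG = {
    "auth_passwd": 0.2,
    "auth_ukey": 0.4,
    "auth_fingerprint": 0.6,
}
P_H = 0.5  # initial confidence p(H): user authenticated by no mechanism yet


def tef(p_h_given_e, p_h):
    """Formula (1): enhancement factor TEF(H, E) from p(H|E) and p(H)."""
    if p_h >= 1.0:
        return 0.0
    return (p_h_given_e - p_h) / (1.0 - p_h)


def single_mechanism(tef_e, p_h=P_H):
    """Formula (3): confidence p(H|E_1) after passing one mechanism."""
    if not (0.0 <= tef_e <= 1.0 and 0.0 <= p_h <= 1.0):
        raise ValueError("TEF and p(H) must lie in [0, 1]")
    return tef_e + (1.0 - tef_e) * p_h


def multi_mechanism(confidences, p_h=P_H):
    """Formula (4): combine per-mechanism confidences p(H|E_1)..p(H|E_s).

    The product of p(H|E_i) competes with the product of p(not H|E_i)
    = 1 - p(H|E_i); each side is scaled by the opposite prior to the s-1.
    """
    s = len(confidences)
    if s == 0:
        return p_h
    if p_h >= 1.0:
        return 1.0  # prior already certain; formula would divide 0 by 0
    pos = prod(confidences) * (1.0 - p_h) ** (s - 1)
    neg = prod(1.0 - c for c in confidences) * p_h ** (s - 1)
    if pos + neg == 0.0:
        raise ValueError("contradictory evidence: some p(H|E_i) is 0, another 1")
    return pos / (pos + neg)


def derive_confidence(mechanisms, config=AT_PAM_CONFIG, p_h=P_H):
    """Step 2: the value the derivation module writes into task_struct."""
    unknown = [m for m in mechanisms if m not in config]
    if unknown:
        raise KeyError(f"no TEF configured for {unknown}")
    singles = [single_mechanism(config[m], p_h) for m in mechanisms]
    if len(singles) == 1:
        return singles[0]
    return multi_mechanism(singles, p_h)


if __name__ == "__main__":
    for chain in (["auth_passwd"], ["auth_ukey"], ["auth_fingerprint"],
                  ["auth_passwd", "auth_ukey", "auth_fingerprint"]):
        print(chain, round(derive_confidence(chain), 4))
```

With p(H) = 0.5 the single-mechanism values come out as 0.6, 0.7 and 0.8, matching the embodiment, and passing all three mechanisms combines to 14/15 ≈ 0.933, higher than any single mechanism. Note that formula (4) is monotone in each p(H|E_i) only while the prior stays below 1; the guard for p(H) = 1 avoids the 0/0 the formula would otherwise produce.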
Step 3. Measure the difference degree between roles. To express the difference between roles, the Analytic Hierarchy Process (AHP) published in The Analytic Hierarchy Process (Saaty T L. New York: McGraw-Hill, 1980) is used to measure the role difference degree. The role difference degree is the difference in the capabilities the roles hold, written D(R_1, R_2), where R_1 and R_2 are two different roles of the user. For an operating system with k roles and n kinds of capabilities, the measurement steps are:
3.1 Analyze the internal relations of roles and build the hierarchy. Because roles differ through the different capabilities that make them up, the problem of finding the difference between roles is divided into two layers, capabilities and roles. According to the different functions of the capabilities, divide them into m types T_1, T_2, ..., T_j, ..., T_m (0 < m ≤ n), and use the symbol shown only as figure BDA0000043924180000051 in the original to denote the number of capabilities of type T_j (0 < j ≤ m) in role R_l (0 < l ≤ k).
3.2 For the capability types at the capability layer, according to the importance of their function in the operating system, construct the pairwise comparison matrix V of the capability types. The rows and columns of V represent the m capability types, and element a_ij (0 < i ≤ m, 0 < j ≤ m) is the comparison of the importance of types T_i and T_j, obtained from the scale table published in The Analytic Hierarchy Process (Saaty T L. New York: McGraw-Hill, 1980): 1 means T_i and T_j are equally important; 3 that T_i is slightly more important than T_j; 5 that T_i is obviously more important than T_j; 7 that T_i is strongly more important than T_j; 9 that T_i is extremely more important than T_j; 2, 4, 6 and 8 are intermediate values between the adjacent judgments above.
3.3 Perform a consistency check on the pairwise comparison matrix of the capability types. A pairwise comparison matrix that is not perfectly consistent may be accepted when V passes the consistency check. The criterion is the random consistency ratio CR = CI/RI. When CR < 0.1 the matrix is considered satisfactorily consistent; when CR > 0.1 the relative weights of the types must be readjusted so that the pairwise comparison matrix of the capability types reaches satisfactory consistency, where CI is given by the formula shown only as figure BDA0000043924180000061 in the original, λ_max(V) denotes the maximum eigenvalue of matrix V, m denotes the number of capability types, and RI is the mean random consistency index published in The Analytic Hierarchy Process (Saaty T L. New York: McGraw-Hill, 1980), whose value grows with m.
The AHP-based judgment matrix consistency adjustment method (Yan Shihua et al., Armament Automation, 2008) is used to correct the pairwise comparison matrices of capability types that do not satisfy consistency. The steps are:
3.3.1 Divide the element a_ij (1 < i ≤ m, i ≤ j ≤ m) of the m × m matrix by the divisor given in the original (not reproduced in this text) to form the variable b_ij (shown as figure BDA0000043924180000064 in the original).
3.3.2 If b_ij < 1 and a_ij ≠ 9, or b_ij > 1 and a_ij ≠ 1/9, calculate the deviation distance d_ij.
3.3.3 Compare all the deviation distances obtained, find the maximum d_max and record the indices i and j of its element; take the number in the 1 to 9 scale defined by AHP closest to a_ij / b_ij and replace element a_ij with it.
3.3.4 Use the power method (Li Xiaohong et al., Computational Methods, p. 127, Chinese Aero-Space University Press, 2006) to obtain λ_max(V) and check the consistency of the adjusted matrix; if it is inconsistent, go back to 3.3.1.
3.4 From the pairwise comparison matrix V constructed in 3.3, compute the eigenvector of V at λ_max(V); after normalization it gives the weights W_v of the capability types.
3.5 For type T_j, construct the pairwise comparison matrix between roles R_o and R_p (0 < o ≤ k, 0 < p ≤ k), in which a'_oo and a'_pp are 1 and a'_po is the reciprocal of a'_op. From the difference between the numbers of type-T_j capabilities held by R_o and R_p (the two counts are shown only as figures BDA0000043924180000072 and BDA0000043924180000073 in the original) and the total number CN_j of type-T_j capabilities, a'_op is obtained by formula (5) (shown only as a figure in the original); a'_op determines the difference degree between roles R_o and R_p for type T_j. Compute the eigenvector of matrix B_j at its maximum eigenvalue; after normalization it gives the role difference weights for type T_j, W_j = (b_jo, b_jp). From the weights of the capability types and the role difference weights of each type, the difference degree between the roles is obtained. The formula for the difference degree between roles R_o and R_p is:
$$D(R_o, R_p) = \sum_{n=1}^{m} W_v \times \lvert b_{pn} - b_{on} \rvert \qquad (6)$$
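Steps 3.2 to 3.5 and formula (6) carried through in code, as an added example (not the patent's own implementation). The capability types, the pairwise matrix V, the per-type totals CN_j and the three roles are constructed; CI = (λ_max − m)/(m − 1) and the RI table are Saaty's standard AHP definitions, which the page only cites (Fig. 8); the power method is the one step 3.3.4 names. Formula (5), which maps the count difference to a'_op, is not reproduced on the page, so `role_pair_ratio()` below is an assumed stand-in for it and is labelled as such.

```python
"""AHP role-difference measurement: steps 3.2-3.5 and formula (6).

Added example, not code from the patent. All numeric inputs are
constructed. CI = (lambda_max - m)/(m - 1) and the RI table are Saaty's
standard AHP definitions (the page cites them in Fig. 8). Formula (5) is
not on the page: role_pair_ratio() is an ASSUMED stand-in for it.
"""

# Saaty's mean random consistency index RI by matrix dimension m.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def principal_eigen(matrix, iters=500, tol=1e-12):
    """Power method (step 3.3.4): (lambda_max, eigenvector normalised to sum 1)."""
    m = len(matrix)
    vec = [1.0 / m] * m
    lam = 0.0
    for _ in range(iters):
        nxt = [sum(matrix[i][j] * vec[j] for j in range(m)) for i in range(m)]
        new_lam = sum(nxt)  # vec sums to 1, so sum(A v) converges to lambda_max
        vec = [x / new_lam for x in nxt]
        if abs(new_lam - lam) < tol:
            break
        lam = new_lam
    return new_lam, vec


def check_reciprocal(matrix):
    """Reject anything that is not a positive reciprocal matrix (a_ji = 1/a_ij)."""
    m = len(matrix)
    for i in range(m):
        if len(matrix[i]) != m or matrix[i][i] != 1:
            raise ValueError(f"row {i}: matrix must be square with unit diagonal")
        for j in range(m):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"a[{i}][{j}] and a[{j}][{i}] are not reciprocal")


def consistency_ratio(matrix):
    """Step 3.3: CR = CI / RI; matrices of order 1 or 2 are always consistent."""
    check_reciprocal(matrix)
    m = len(matrix)
    if m <= 2:
        return 0.0
    lam, _ = principal_eigen(matrix)
    return ((lam - m) / (m - 1)) / RI[m]


def type_weights(V):
    """Step 3.4: W_v = normalised principal eigenvector of V, accepted only
    when the consistency check of step 3.3 passes (CR < 0.1)."""
    cr = consistency_ratio(V)
    if cr >= 0.1:
        raise ValueError(f"V fails the consistency check (CR = {cr:.3f}); readjust it")
    return principal_eigen(V)[1]


def role_pair_ratio(count_o, count_p, cn_j):
    """ASSUMED stand-in for formula (5): map |count_o - count_p| / CN_j onto
    Saaty's 1-9 scale (1 = same count, 9 = completely different), taking the
    reciprocal when R_p holds more type-j capabilities than R_o."""
    if cn_j <= 0:
        return 1.0
    scale = 1.0 + 8.0 * abs(count_o - count_p) / cn_j
    return scale if count_o >= count_p else 1.0 / scale


def role_type_weights(count_o, count_p, cn_j):
    """Step 3.5: B_j = [[1, a'_op], [1/a'_op, 1]] and W_j = (b_jo, b_jp)."""
    a = role_pair_ratio(count_o, count_p, cn_j)
    return principal_eigen([[1.0, a], [1.0 / a, 1.0]])[1]


def role_difference(role_o, role_p, cn, V):
    """Formula (6): D(R_o, R_p) = sum over types of W_v[j] * |b_jp - b_jo|.
    role_o / role_p hold per-type capability counts, cn the per-type totals."""
    w_v = type_weights(V)
    if not len(role_o) == len(role_p) == len(cn) == len(w_v):
        raise ValueError("roles, CN and V must all describe the same m types")
    total = 0.0
    for j, w in enumerate(w_v):
        b_o, b_p = role_type_weights(role_o[j], role_p[j], cn[j])
        total += w * abs(b_p - b_o)
    return total


# Constructed data: three capability types (system admin, network, file),
# V filled with Saaty-scale judgments, the CN_j totals and three roles.
V_TYPES = [[1.0, 3.0, 5.0], [1 / 3, 1.0, 3.0], [1 / 5, 1 / 3, 1.0]]
CN = [4, 3, 2]
ROLE_ADMIN, ROLE_OPERATOR, ROLE_GUEST = [4, 3, 2], [2, 3, 2], [0, 0, 0]
```

For the constructed `V_TYPES`, λ_max is about 3.04, so CR is about 0.03 and the matrix passes; the admin type carries the largest weight. Two roles with identical counts give D = 0, and a role with no capabilities at all sits at the maximum the assumed mapping allows, D = 0.8 (the 2×2 matrix with a'_op = 9 normalises to (0.9, 0.1)), which is the D_max of step 4.1.1 under this mapping. A cyclic matrix such as 1/9/(1/9) in each row is rejected by `type_weights()` because its CR is far above 0.1, which is the point of the check in step 3.3: weights are only meaningful for judgments that are close to transitive.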
Step 4. Combine the user's authentication confidence with the role difference degree, compare the role difference degree with the role transition threshold under the current user confidence, and decide whether the role transition may take place, as follows:
4.1 Determine the role transition threshold by the following method:
4.1.1 The maximum difference between two roles is taken as the theoretical maximum role difference degree; maximum difference means that the capabilities of the two roles are completely different, written D_max. 0 is chosen as the minimum role difference degree, so the range of the role difference degree is 0 to D_max.
4.1.2 From the user's initial confidence P(H), the range of the user authentication confidence is P(H) to 1. Map P(H) to 0 in the role difference degree and 1 to D_max; with the user authentication confidence as the abscissa and the role difference degree as the ordinate, a linear function (shown only as figure BDA0000043924180000081 in the original) is obtained. Substituting each authentication confidence of the user's set {t_au1(U), t_au2(U), ..., t_aui(U)} for x in this function, the value y obtained is the role transition threshold t_ac(U) corresponding to that authentication confidence.
4.2 Compare the difference degree between roles R_o and R_p with the transition threshold t_ac(U). If the difference degree between the roles is less than the threshold t_ac(U), the transition from role R_o to role R_p is allowed; if the difference degree is greater than the threshold t_ac(U), the transition from R_o to R_p is not allowed.
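The threshold of 4.1 and the decision of 4.2 in code, as an added example (not the patent's own code). The linear function of 4.1.2 is shown only as a figure on the page, so it is written here from the two anchor points the text states, (P(H), 0) and (1, D_max). D_max and the sample role-pair difference degrees are constructed; the confidences 0.6, 0.7 and 0.8 and P(H) = 0.5 are the figures of the CentOS 5.4 embodiment. The text says nothing about the case D(R_o, R_p) = t_ac(U); this code denies it, an assumption made on the conservative side.

```python
"""Step 4 of the patent: transition threshold t_ac(U) and the decision of 4.2.

Added example, not the patent's code. The linear function of 4.1.2 is
written from the two anchor points the text gives, (P(H), 0) and (1, D_max).
D_max and the role-pair differences are constructed; the decision on
equality (denied here) is an assumption, as the text does not cover it.
"""


def transition_threshold(confidence, p_h, d_max):
    """t_ac(U) = D_max * (x - P(H)) / (1 - P(H)) for x in [P(H), 1].
    A confidence below P(H) lies outside the stated range and is clamped to
    P(H), giving threshold 0; a value above 1 is clamped to D_max."""
    if not 0.0 <= p_h < 1.0:
        raise ValueError("P(H) must satisfy 0 <= P(H) < 1")
    if d_max <= 0.0:
        raise ValueError("D_max must be positive")
    x = min(max(confidence, p_h), 1.0)
    return d_max * (x - p_h) / (1.0 - p_h)


def may_transition(difference, confidence, p_h, d_max):
    """4.2: allow R_o -> R_p only when D(R_o, R_p) < t_ac(U) (strictly less)."""
    if difference < 0.0:
        raise ValueError("difference degree cannot be negative")
    return difference < transition_threshold(confidence, p_h, d_max)


def threshold_table(confidences, p_h, d_max):
    """Thresholds for a user's whole confidence set {t_au1(U), t_au2(U), ...}."""
    return {c: transition_threshold(c, p_h, d_max) for c in confidences}


# Constructed sample: P(H) = 0.5 and the confidences 0.6 / 0.7 / 0.8 of the
# CentOS 5.4 embodiment, plus D_max = 0.8 and three role-pair differences.
P_H, D_MAX = 0.5, 0.8
CONFIDENCES = [0.6, 0.7, 0.8]
ROLE_PAIRS = {"operator->auditor": 0.2, "operator->admin": 0.425, "guest->admin": 0.8}


def decision_matrix(pairs=ROLE_PAIRS, confidences=CONFIDENCES, p_h=P_H, d_max=D_MAX):
    """Which transitions each authentication level unlocks (sorted names)."""
    return {c: sorted(name for name, d in pairs.items()
                      if may_transition(d, c, p_h, d_max))
            for c in confidences}


if __name__ == "__main__":
    for c, t in threshold_table(CONFIDENCES, P_H, D_MAX).items():
        print(f"confidence {c}: threshold {t:.3f}, allowed {decision_matrix()[c]}")
```

Password-only authentication (0.6) unlocks nothing here, a second factor (0.7) unlocks only the small transition, and 0.8 also unlocks operator to admin. Two consequences of the strict comparison in 4.2 are worth noting: a role pair at D_max is never allowed even at confidence 1, and at confidence P(H) the threshold is 0, so even a transition between identical roles (D = 0) is refused; a deployment that wants those cases allowed has to decide them explicitly.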
The present invention achieves the following beneficial effects:
(1) Without the user's perception, the range of role transition in implicit role transition is restricted, so that corresponding control over applications is kept while application flexibility is increased. The advantages of the RBAC96 model (Sandhu R S. Role-based Access Control Models. IEEE Computer, 1996) in rights management are preserved, while the constraint of the transition condition better meets actual needs and solves the problem that authentication and access control are independent of each other. This provides further security assurance for the system and prevents loss of control over important privileges in the system caused by role transition.
(2) After roles are added or deleted, the role transition threshold need not be repartitioned and no manual intervention is required.
(3) Combining the user authentication confidence with the measured difference between user roles describes the difference between roles better. Associating the user's confidence with the role difference limits the range of role transition, guaranteeing the security of the system while keeping its flexibility.
Description of drawings
Fig. 1 is the explicit transition flow chart published in the background art;
Fig. 2 is the implicit transition flow chart published in the background art;
Fig. 3 is the PAM authentication framework published in the background art;
Fig. 4 is the overall flow chart of the present invention;
Fig. 5 is the flow chart of the AHP method in step 3 of the present invention;
Fig. 6 is the table of comparison weights between two factors defined in (The Analytic Hierarchy Process, Saaty T L, 1980);
Fig. 7 is a schematic diagram of the pairwise comparison matrix of the capability types in step 3.2 of the present invention;
Fig. 8 is the table of RI values for the consistency check published in (The Analytic Hierarchy Process, Saaty T L, 1980);
Fig. 9 is the table of the different authentication modes in CentOS 5.4 and the corresponding confidence enhancement factor on successful authentication;
Fig. 10 is the table of the comparison weight of each capability type in step 3.2 and the number of capabilities it contains, in CentOS 5.4;
Fig. 11 is the pairwise comparison matrix of the capability types in step 3.2, in CentOS 5.4;
Fig. 12 is the list of capabilities contained in each role in step 3.3, in CentOS 5.4;
Fig. 13 is the table of the number of capabilities of each type held by each role in step 3.3, in CentOS 5.4;
Fig. 14 is the correspondence diagram between user authentication confidence and role difference in step 4, in CentOS 5.4.
Embodiment
Fig. 1 shows the flow of traditional explicit role transition: when the current role lacks the required authority, a role transition window pops up; the user either selects the corresponding role to transition to, or cancels, in which case no role transition is performed.
Fig. 2 shows the flow of traditional implicit role transition: when the current role lacks the required authority, if the user is associated with a role that has this authority, the transition to that role is performed automatically; if no such role is associated, the role transition fails.
Fig. 3 shows the PAM authentication framework, which consists of three parts: the PAM engine (the PAM library in /lib, containing the PAM API and PAM SPI), authentication modules, and configuration files.
Fig. 4 shows the overall flow of the present invention, which comprises the following steps:
Step 1. On the basis of the PAM authentication framework, design AT-PAM using the idea of authentication confidence reasoning.
Step 2. Determine the user's authentication confidence. AT-PAM authenticates the user and, according to the login method the user adopts, generates the corresponding user authentication confidence information.
Step 3. Measure the difference degree between roles.
Step 4. Determine the role transition threshold under the current user authentication confidence, compare the inter-role difference degree obtained in step 3 with the transition threshold, and allow the transition only if the difference degree is less than the threshold.
Fig. 5 shows the flow of measuring the role difference by the AHP method in step 3 of the present invention. Suppose the operating system has k roles and n kinds of capabilities; the measurement steps are:
1) Analyze the internal relations of roles and build the hierarchy. Because roles differ through the different capabilities that make them up, the problem of finding the difference between roles is divided into two layers, capabilities and roles. According to the different functions of the capabilities, divide them into m types T_1, T_2, ..., T_j, ..., T_m (0 < m ≤ n), and use the symbol shown only as figure BDA0000043924180000101 in the original to denote the number of capabilities of type T_j (0 < j ≤ m) in role R_l (0 < l ≤ k).
2) For the capability types at the capability layer, according to the importance of their function in the operating system, construct the pairwise comparison matrix V of the capability types. The rows and columns of the matrix represent the m capability types, and element a_ij (0 < i ≤ m, 0 < j ≤ m) is the comparison of the importance of types T_i and T_j, obtained from the scale table published in The Analytic Hierarchy Process (Saaty T L. New York: McGraw-Hill, 1980) and shown in Fig. 6: 1 means T_i and T_j are equally important; 3 that T_i is slightly more important than T_j; 5 that T_i is obviously more important than T_j; 7 that T_i is strongly more important than T_j; 9 that T_i is extremely more important than T_j; 2, 4, 6 and 8 are intermediate values between the adjacent judgments above.
3) Perform a consistency check on the pairwise comparison matrix of the capability types. A pairwise comparison matrix that is not perfectly consistent may be accepted when V passes the consistency check. The criterion is the random consistency ratio CR = CI/RI. When CR < 0.1 the matrix is considered satisfactorily consistent; when CR > 0.1 the relative weights of the types must be readjusted so that the pairwise comparison matrix of the capability types reaches satisfactory consistency, where CI is given by the formula shown only as figure BDA0000043924180000102 in the original, λ_max(V) denotes the maximum eigenvalue of matrix V, m denotes the number of capability types, and RI is the mean random consistency index published in The Analytic Hierarchy Process (Saaty T L. New York: McGraw-Hill, 1980), whose value grows with m.
4) From the pairwise comparison matrix V constructed in 3), compute the eigenvector of V at λ_max(V); after normalization it gives the weights W_v of the capability types.
5) Compare the roles pairwise: construct the roles' pairwise comparison matrix for each capability type and compute, at the role layer, the difference weights between roles for the different capability types. For type T_j, construct the matrix for roles R_o and R_p (their type-T_j capability counts are shown only as figure BDA0000043924180000111 in the original) and, from the difference of these counts and the total CN_j, determine the difference degree between R_o and R_p for type T_j by formula (5). Compute the eigenvector of matrix B_j at its maximum eigenvalue; after normalization it gives the role difference weights for type T_j, W_j = (b_jo, b_jp). From the weights of the capability types and the role difference weights of each type, the difference degree between the roles is obtained. Fig. 7 shows the pairwise comparison matrix published in (The Analytic Hierarchy Process, Saaty T L, 1980); a pairwise comparison matrix mainly expresses the degree of difference between two factors. The rows and columns of the matrix represent the m capability types, and element a_ij is the comparison of the importance of capability types T_i and T_j.
Fig. 8 is the table of RI values for the consistency check published in (The Analytic Hierarchy Process. Saaty T L. 1980); the higher the matrix order m, the larger RI. The invention can be implemented on several operating systems (for example RedHat, CentOS, KylinOS). Taking CentOS 5.4 as an example, on a DELL OPTIPLEX 960 hardware platform with an Intel Pentium Dual-Core 2.66 GHz CPU, 3G of memory and a 500G hard disk, the process of the invention is:
CentOS 5.4 is a current mainstream operating system; role capabilities and user capabilities are passed to the user's shell process by the PAM mechanism at login. If the privileges of the user's current role are insufficient, the role must be changed. The system currently supports 31 capabilities, represented by a 64-bit integer in which each bit represents one capability; capabilities can be added as required to refine the access control granularity further. The three currently mainstream authentication modes are set up in CentOS 5.4, and the trust enhancement factor of each mode is shown in Figure 9: password authentication, Ukey authentication and fingerprint authentication, with trust enhancement factors 0.2, 0.4 and 0.6 respectively; the system's default initial user trust is P(H) = 0.5.
In the first step, the configuration file under /etc/pam.d is modified to configure the trust enhancement factor of the authentication mechanism and the user's initial trust. The configuration information can be expressed as (auth_passwd); (0.2, 0.5), where auth_passwd indicates that the user authenticates by password, 0.2 is the trust enhancement factor and 0.5 is the user's initial trust.
In the second step, after the password check, the trust enhancement factor 0.2 is substituted for TEF(H, E) in formula (3) and the user's initial trust 0.5 for p(H) in formula (3); the resulting authentication trust 0.6 is written into the task_struct structure of the user's shell process. In the same way, if the user passes each of the other two authentication mechanisms, formula (3) gives user trusts of 0.7 and 0.8 respectively. If the user passes all three authentication mechanisms, 0.6, 0.7 and 0.8 are substituted for p(H|E_1), p(H|E_2) and p(H|E_3) in formula (4), 0.4, 0.3 and 0.2 are substituted in formula (4) for
Figure BDA0000043924180000122
and 1 − p(H) for
Figure BDA0000043924180000123
giving a user trust of 0.94.
In the third step, five roles are set by default in CentOS 5.4: security administrator S (security admin), audit administrator A (audit admin), system administrator R (system admin), network administrator N (net admin) and the default role D (default role). The difference degree between the different roles is computed by the difference degree computation method of the third step of the invention.
1) By function, capabilities are divided into five types: common management, network management, system management, security management and audit management. Figure 10 gives the number of capabilities in each type: 13 common management capabilities, 4 network management, 11 system management, 1 security management and 2 audit management.
2) The pairwise comparison matrix of the capability types is constructed from the different importance of the types, as in Figure 11: a_12 = 1 means the audit type has the same importance as the security type, and a_15 = 5 means the audit type is obviously more important than the common type.
3) The consistency check is carried out and its condition is satisfied. The eigenvector of the largest eigenvalue of the comparison matrix of the capability types is found; after normalization the weight vector of the five capability types is W_v = (0.28894, 0.28894, 0.28894, 0.0802, 0.053).
4) At the role layer, a role's capabilities are represented in the system in hexadecimal as C_s(R) = <C_i(R), C_p(R), C_e(R)>. Figure 12 gives the capabilities of the roles in the system; each bit of the hexadecimal value represents one capability, 1 meaning the role has the capability and 0 that it does not. Because the system decides the effective capability set C_e(R) of the initial process from the role's inheritable capability set C_i(R), the capabilities of a role mean its inheritable capability set C_i(R). Analysing the role capabilities gives, for each capability type, the number of capabilities a role contains, as in Figure 13, which shows for the five default roles of the system how many capabilities of each type they contain. Taking the default role and the system administrator as an example, the degree of difference of the two roles for each capability type is obtained by formula (5) from the difference of the numbers of capabilities of that type contained by the two roles, giving the comparison matrices
Figure BDA0000043924180000131
The role difference weights computed for these capability types are (0.1, 0.9), (0.1, 0.9), (0.1, 0.9), (0.5, 0.5) and (0.5, 0.5). Substituting the weights of the capability types obtained in 3) and the role difference weights of each type into formula (6) gives the difference degree between the two roles, D(R, D) = 0.34.
5) Determine the range of the role difference degree. When the difference between the roles is maximal, the pairwise comparison matrix of the roles for every capability type takes its extreme form, and the difference weights computed from it for the roles in each capability type are (0.1, 0.9), (0.1, 0.9), (0.1, 0.9), (0.1, 0.9). From this the maximal role difference of two roles is D_max = 0.8.
In the fourth step, from the difference degree range (0~0.8) and the user's initial trust 0.5, the linear function y = 1.6x − 0.8 is obtained. Substituting the different authentication trusts (0.6, 0.7, 0.8, 0.94) into the linear function gives the role transition threshold under each authentication trust, as in Figure 14: when the user authenticates by password, the role transition threshold is 0.15; by smart card, 0.30; by fingerprint reader, 0.45; by all three mechanisms, 0.7.
The range of roles a role may transition to depends only on the initial role; however many transitions the role has gone through, that range does not change.
6) Finally, the role difference degree is compared with the transition threshold: if the role difference degree is less than the transition threshold the transition is allowed, otherwise it is refused.
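As an added example (not the patent's code), the second, fourth and sixth steps of the embodiment above in Python: formula (3) for each single mechanism, the threshold line built from D_max and p(H) as claim 4.1.2 describes, and the final comparison. The thresholds it yields are read off y = 1.6x − 0.8 itself; the three-mechanism trust 0.94 is taken from the text as an input because formula (4) survives only as an image, and the mechanism names other than auth_passwd and the difference degrees tested are constructed.

```python
# Trust enhancement factors TEF(H, E) from Figure 9 and the system's default initial
# trust p(H) = 0.5; auth_passwd is the page's name, the other two names are assumed.
TEF = {"auth_passwd": 0.2, "auth_ukey": 0.4, "auth_fingerprint": 0.6}
P_H = 0.5
D_MAX = 0.8  # maximal role difference degree found in step 5) of the embodiment


def trust_after(mechanism, p_h=P_H):
    """Formula (3): p(H|E) = TEF(H,E) + (1 - TEF(H,E)) * p(H) for a single mechanism."""
    tef = TEF[mechanism]
    return tef + (1.0 - tef) * p_h


def threshold_line(p_h=P_H, d_max=D_MAX):
    """4.1.2: the line through (p(H), 0) and (1, D_max); returns (slope, intercept)."""
    slope = d_max / (1.0 - p_h)
    return slope, -slope * p_h


def transition_threshold(trust, p_h=P_H, d_max=D_MAX):
    """t_ac(U) = y(trust), clamped to the difference degree range 0..D_max."""
    slope, intercept = threshold_line(p_h, d_max)
    return min(max(slope * trust + intercept, 0.0), d_max)


def may_transition(difference, trust):
    """Step 6): the transition is allowed only if D(R_o, R_p) is below the threshold."""
    return difference < transition_threshold(trust)


COMBINED_TRUST = 0.94  # three-mechanism trust stated in the text; formula (4) not reproduced

if __name__ == "__main__":
    for mech in TEF:
        t = trust_after(mech)
        print(f"{mech}: trust={t:.2f} threshold={transition_threshold(t):.3f}")
    for d in (0.10, 0.34, 0.75):  # constructed difference degrees to candidate roles
        print(f"D={d}: password only -> {may_transition(d, trust_after('auth_passwd'))},"
              f" all three -> {may_transition(d, COMBINED_TRUST)}")
```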
The invention is not limited to role transition with a single authenticator; it can be extended to role transition with multiple authenticators. It can obtain the corresponding authentication trust from the several authentication mechanisms a user has passed and perform role transition on that basis, and it can also be used in other comprehensive, complex authentication system fields.

Claims (2)

1. A role dynamic transition method supporting difference measurement, characterized in that it comprises the following steps:
In the first step, the user authentication trust is associated with role transition: on the basis of the PAM authentication framework, AT-PAM is designed using the idea of authentication trust reasoning, by the following method:
1.1 modify the PAM configuration file, adding at its end the line:
Figure FDA0000043924170000011
where TEF(H, E_r) is the trust enhancement factor, expressing the increase in trust after the user passes authentication mechanism E_r; H is the conclusion that the user is trusted; p(H) is the user's trust when no authentication has been passed; 1 ≤ r ≤ s;
1.2 keep the original PAM structure unchanged and add an authentication trust derivation module to the PAM engine, which performs the authentication trust derivation;
In the second step, AT-PAM derives the user's authentication trust according to the user's login mode: during user login, AT-PAM reads the configuration file; for a single authentication mechanism it obtains the mechanism name E_1, the trust enhancement factor TEF(H, E_1) and the user's initial trust p(H), and the authentication trust derivation module substitutes TEF(H, E_1) and p(H) into the formula p(H|E_1) = TEF(H, E_1) + (1 − TEF(H, E_1)) p(H) to obtain the user's authentication trust p(H|E_1) after authentication by mechanism E_1; for multiple authentication mechanisms, after reading the configuration file it obtains the mechanism names E_1 E_2 ... E_s, the trust enhancement factors TEF(H, E_1), TEF(H, E_2) ... TEF(H, E_s) and the user's initial trust p(H), and substitutes them into the formula
Figure FDA0000043924170000012
to obtain the user's authentication trust p(H|E_1 E_2 ... E_s) after authentication by those mechanisms; the authentication trust p(H|E_1) or p(H|E_1 E_2 ... E_s) is written into the user's shell process by adding a trust flag to the process task_struct structure; the trust flag is a floating-point value, and the larger it is, the more trusted the user identity; this produces the user's authentication trust set {t_au1(U), t_au2(U), ..., t_aui(U)}, where t_aui(U) is the authentication trust of user U after authentication by mechanism au_i;
In the third step, the analytic hierarchy process is used to measure the role difference degree; the role difference degree is the difference between the capabilities the roles possess and is denoted D(R_1, R_2), R_1 and R_2 being two different roles of the user; for an operating system with k roles and n capabilities the measurement steps are:
3.1 analyse the internal relations of the roles and build a hierarchical structure that divides the problem of finding the difference between roles into two layers, capabilities and roles; according to their function, capabilities are divided into m types T_1, T_2 ... T_j ... T_m, 0 < m ≤ n, and
Figure FDA0000043924170000021
denotes the number of capabilities of type T_j in role R_l; 0 < l ≤ k, 0 < j ≤ m;
3.2 at the capability layer, construct the pairwise comparison matrix V of the capability types according to the importance of their functions in the operating system; the rows and columns of V represent the m capability types, and element a_ij is the comparison of the importance of capability types T_i and T_j, obtained from the scale table published in The Analytic Hierarchy Process: 1 means T_i and T_j are equally important; 3 means T_i is slightly more important than T_j; 5 means T_i is obviously more important than T_j; 7 means T_i is strongly more important than T_j; 9 means T_i is extremely more important than T_j; 2, 4, 6 and 8 are intermediate values between the adjacent judgements above; 0 < i ≤ m, 0 < j ≤ m;
3.3 judge by the random consistency ratio CR = CI/RI whether the pairwise comparison matrix is consistent: when CR < 0.1 the matrix is taken to have satisfactory consistency; when CR > 0.1 adjust the relative weights of the types until the pairwise comparison matrix of the capability types reaches satisfactory consistency; where
Figure FDA0000043924170000022
λ_max(V) is the largest eigenvalue of matrix V and m is the number of capability types; RI is the average random consistency index published in The Analytic Hierarchy Process; the larger m is, the larger its value;
3.4 from the pairwise comparison matrix V compute the eigenvector of V belonging to λ_max(V); after normalization it gives the weight vector W_v of the capability types;
3.5 for type T_j, construct the pairwise comparison matrix between roles R_o and R_p
Figure FDA0000043924170000023
where a'_oo and a'_pp are 1 and a'_po is the reciprocal of a'_op, 0 < o ≤ k, 0 < p ≤ k; from the difference between the numbers of capabilities of type T_j in roles R_o and R_p, namely the difference of
Figure FDA0000043924170000024
and
Figure FDA0000043924170000025
and the total number CN_j of capabilities of type T_j, a'_op is obtained by formula (5); a'_op decides the degree of difference between roles R_o and R_p for type T_j:
compute the eigenvector of the largest eigenvalue of matrix B_j; after normalization it gives the role difference weights for type T_j, W_j = (b_jo, b_jp); from the weights of the capability types and the role difference weights of each type the difference degree between the roles is obtained; the formula for the difference degree between roles R_o and R_p is:
D(R_o, R_p) = \sum_{n=1}^{m} W_v \times \left| b_{pn} - b_{on} \right| \quad (6)
In the fourth step, the user's authentication trust is combined with the role difference degree: the role difference degree is compared with the role transition threshold under the current user trust to judge whether role transition may take place, by the following method:
4.1 determine the role transition threshold by the following method:
4.1.1 the maximal difference between two roles is taken as the theoretical maximum difference degree between roles; maximal difference means the capabilities of the two roles are completely different, and it is denoted D_max; 0 is chosen as the minimum role difference degree, so the range of the role difference degree is 0~D_max;
4.1.2 from the user's initial trust P(H), the range of the user authentication trust is P(H)~1; P(H) corresponds to a role difference degree of 0 and 1 corresponds to D_max; taking the user authentication trust as abscissa and the role difference degree as ordinate gives the linear function
Figure FDA0000043924170000033
substituting each authentication trust of the user's authentication trust set {t_au1(U), t_au2(U), ..., t_aui(U)} for x in this function, the value y obtained is the role transition threshold t_ac(U) corresponding to that authentication trust;
4.2 compare the difference degree between roles R_o and R_p with the transition threshold t_ac(U); if the difference degree between the roles is less than the threshold t_ac(U), role R_o is allowed to transition to role R_p; if the difference degree between the roles is greater than the threshold t_ac(U), the transition from role R_o to role R_p is not allowed.
2. The role dynamic transition method supporting difference measurement of claim 1, characterized in that a pairwise comparison matrix of capability types that does not satisfy consistency is corrected by the judgement matrix consistency adjustment method of the analytic hierarchy process, with the steps:
2.1 divide the element a_ij of the m × m matrix by \overline{a_{ij}}, 1 < i ≤ m, i ≤ j ≤ m, where
\overline{a_{ij}} = \frac{1}{n} \sum_{k=1}^{n} a_{ik} a_{kj}, \qquad \text{and set the variable } b_{ij} = a_{ij} / \overline{a_{ij}};
2.2 if b_ij < 1 and a_ij ≠ 9, or b_ij > 1 and a_ij ≠ 1/9, compute the deviation distance d_ij,
d_{ij} = \left| 1 - \frac{a_{ij}}{\overline{a_{ij}}} \right|;
2.3 compare all the deviation distances found, take the largest d_max, record the indices i and j of its element, and replace element a_ij by the number of the 1~9 scale defined in AHP that is closest to a_ij / b_ij;
2.4 obtain λ_max(V) by the power method and check the consistency of the adjusted matrix; if it is inconsistent, go to 2.1.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110008407A CN102081712B (en) 2011-01-14 2011-01-14 Role dynamic transition method supporting difference measurement

Publications (2)

Publication Number Publication Date
CN102081712A true CN102081712A (en) 2011-06-01
CN102081712B CN102081712B (en) 2012-10-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121024

Termination date: 20180114