CN106953843A - A spreadability detection method for access control rules based on NuSMV - Google Patents

Info

Publication number: CN106953843A
Authority: CN (China)
Legal status: Pending
Application number: CN201710080002.XA
Other languages: Chinese (zh)
Inventors: 刘志锋, 陈凯, 周从华, 李雷, 施化吉, 单田华, 吕江华
Current Assignee: Jiangsu University
Original Assignee: Jiangsu University
Application filed by Jiangsu University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability

Abstract

The invention discloses a spreadability detection method for access control rules based on NuSMV. It belongs to the field of information security technology and comprises the following steps: standardizing the access control rules; standardizing the properties that the access control system should satisfy; standardizing the negation of the access control rules; constructing the model and the mutation model; and calling NuSMV to perform spreadability detection. The invention can analyze the correctness of access control rules and further ensure the security of the system.

Description

A spreadability detection method for access control rules based on NuSMV
Technical field
The invention belongs to the field of information security technology and relates to techniques for verifying the correctness of access control rules.
Background
After an access control model has been proposed and implemented, it must be tested intensively before it is put into use, to ensure that access control is carried out correctly. This requires simulating various requests (legal and illegal) to access the system in order to ensure that the system runs stably, and the cost of doing so is considerable. NuSMV is a system that overcomes this cost well.
Model checking is a class of techniques that models a system in a dedicated language and, with the help of related tools, uses a computer to analyze automatically whether the model is satisfied. It was proposed jointly in 1981 by the well-known scholars Clarke, Emerson, Queille and Sifakis. Model checking uses two methods, state search and fixed-point computation, to verify automatically the properties of finite-state systems described by modal logic formulas. The idea of model checking can be described as an algorithm and executed by a computer, so its degree of automation is quite high. Moreover, when the model is not satisfied, it can analyze the model and produce a path that indicates why the model fails. These two characteristics have earned the technique high praise in industry.
NuSMV (New Symbolic Model Verifier) is a symbolic model checker. Its distinctive syntax helps us quickly model finite-state systems, and the model can be checked directly for the validity of linear temporal logic (LTL) formulas or computation tree logic (CTL) formulas.
Given the efficiency of NuSMV in verification, using NuSMV to analyze access control rules is a feasible approach.
Summary of the invention
The object of the invention is to provide a spreadability detection method for access control rules, in order to improve the correctness of access control systems.
To solve the above technical problem, the technical scheme adopted by the invention is as follows:
A spreadability detection method for access control rules based on NuSMV, characterized in that it comprises the following steps:
Step 1: standardize the access control rules, i.e., describe them in a formal language;
Step 2: standardize the properties that the access control system should satisfy;
Step 3: standardize the negation of the access control rules;
Step 4: construct the original model and the mutation model;
Step 5: call NuSMV to perform spreadability detection on the access control rules.
Access control rules are standardized as if c then d, i.e., d is executed if c holds.
Here c is the constraint in access control on entities such as subject, object and operation, and d is the decision under constraint c.
The properties that the access control system should satisfy are standardized as p: b → e, i.e., rule p must satisfy condition e if b holds. Here b is the constraint in access control on the subject, e is the property that the rule satisfies, and p is the rule.
The negation of an access control rule is standardized as if c then ¬d, i.e., d is not executed if c holds.
The set formed by all standardized access control rules is the original model; negating one rule in the original model yields the mutation model corresponding to that rule.
The invention has the following beneficial effect. The configuration of access control rules is a key technique for guaranteeing system security. The invention proposes a spreadability detection technique for access control rules which, by mutating the original model, ensures the correctness of the access control rules and thereby the security of the system.
Embodiment
The technical scheme is described in further detail below with reference to a specific embodiment.
In recent years a company's sales business has expanded across the country. So that the company's sales staff can promptly handle business in each region, sales divisions have been set up in Beijing, Shanghai and Jiangsu, and a line manager has been assigned to each sales division. Each line manager has full control over the sales records of the division within their jurisdiction and otherwise has no right of access. To improve efficiency, each division has recruited its own salespeople. The number of salespeople is relatively large, and they are responsible for all sales business in their region. Because each region is very large, a single salesperson cannot cover every place in it, so the salespeople are divided into several groups and each group is given a sales manager. Salespeople report to a sales manager, and sales managers report to the line manager. In decreasing order of authority the roles are line manager, sales manager and salesperson; the specific permissions are shown in Table 1:
Table 1: Permission assignment

| Position | Resource | Operation |
|---|---|---|
| Line manager | Sales record | Read, write, modify, delete |
| Sales manager | Sales record | Read, write |
| Salesperson | Sales record | Write |
The permissions corresponding to each role are shown in Table 2.
Table 2: Role permissions
The roles of each division can mainly operate on the sales records of the region administered by their own division. A region attribute, area, therefore needs to be added to the role, and the area attribute is also added to the sales record. The complete role description is then as shown in Table 3.
Table 3: Complete role description
The permission assignment should satisfy rule p: the Shanghai line manager reads and writes Shanghai sales records.
After standardization, p is:
if (role=DivisionManager & res=SaleNote & role.area=res.area & op=read) then permit
The property that the rule should satisfy is that the Shanghai line manager is allowed to modify the sales records of the Shanghai division. After standardization it is:
p: AG (role=DivisionManager & res=SaleNote & role.area=res.area & op=edit & role.op_inherit=true → AF decision=permit)
The model is:
{ if (role=DivisionManager & res=SaleNote & role.area=res.area & op=read) then permit }
The mutation model corresponding to rule p is:
{ if (role=DivisionManager & res=SaleNote & role.area=res.area & op=read) then ¬permit }
The model checking tool NuSMV is used to verify whether the model satisfies the property set. The result shows that the model we designed satisfies the property set; in other words, the model meets the actual requirements.
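The construction described above, written out as a NuSMV input file. This is an added example, not text from the patent: role_area and res_area stand in for role.area and res.area, and the CustomerList resource, the default deny, the reading of ¬permit as deny, and the second property are assumptions. It also assumes that a property detects a rule's mutation when it holds on the original model and fails on the mutation model.

```smv
-- Added example (not from the patent): original model and the mutation
-- model for one rule, side by side in a single NuSMV input file.
MODULE main
VAR
  -- Request attributes are left unassigned, so every request is explored.
  role      : {DivisionManager, SalesManager, Salesperson};
  res       : {SaleNote, CustomerList};       -- CustomerList is constructed
  op        : {read, write, edit, delete};
  role_area : {Beijing, Shanghai, Jiangsu};   -- role.area on the page
  res_area  : {Beijing, Shanghai, Jiangsu};   -- res.area on the page
  decision     : {permit, deny};   -- decision of the original model
  decision_mut : {permit, deny};   -- decision of the mutation model

DEFINE
  -- Condition c of the standardized rule "if c then permit".
  c := role = DivisionManager & res = SaleNote
       & role_area = res_area & op = read;
  -- Constraint b of a second property that the rule does not influence.
  b2 := role = Salesperson & res = SaleNote & op = delete;

ASSIGN
  -- Original model: if c then permit (deny by default, an assumption).
  decision := case
      c    : permit;
      TRUE : deny;
    esac;
  -- Mutation model: if c then not permit, with "not permit" read as deny.
  decision_mut := case
      c    : deny;
      TRUE : deny;
    esac;

-- Property 1, in the page's form AG (b -> AF e), with b taken to be c.
CTLSPEC AG (c -> AF (decision = permit))
CTLSPEC AG (c -> AF (decision_mut = permit))

-- Property 2 never exercises the rule, so negating the rule cannot change
-- its verdict and it contributes nothing to checking that rule.
CTLSPEC AG (b2 -> AF (decision = deny))
CTLSPEC AG (b2 -> AF (decision_mut = deny))
```

Run it with NuSMV followed by the file name. Property 1 holds for decision and fails for decision_mut with a counterexample trace, while property 2 holds for both, so only property 1 detects the mutation of the rule.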

Claims (5)

1. A spreadability detection method for access control rules based on NuSMV, characterized in that it comprises the following steps:
Step 1: standardize the access control rules, i.e., describe them in a formal language;
Step 2: standardize the properties that the access control system should satisfy;
Step 3: standardize the negation of the access control rules;
Step 4: construct the original model and the mutation model;
Step 5: call NuSMV to perform spreadability detection on the access control rules.
2. The spreadability detection method for access control rules based on NuSMV according to claim 1, characterized in that access control rules are standardized as if c then d, i.e., d is executed if c holds; c is the constraint in access control on entities such as subject, object and operation, and d is the decision under constraint c.
3. The spreadability detection method for access control rules based on NuSMV according to claim 1, characterized in that the properties that the access control system should satisfy are standardized as p: b → e, i.e., rule p must satisfy condition e if b holds; b is the constraint in access control on the subject, e is the property that the rule satisfies, and p is the rule.
4. The spreadability detection method for access control rules based on NuSMV according to claim 1, characterized in that the negation of an access control rule is standardized as if c then ¬d, i.e., d is not executed if c holds.
5. The spreadability detection method for access control rules based on NuSMV according to claim 2, characterized in that the set formed by all standardized access control rules is the original model, and negating one rule in the original model yields the mutation model corresponding to that rule.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710080002.XA CN106953843A (en) 2017-02-15 2017-02-15 A spreadability detection method for access control rules based on NuSMV

Publications (1)

Publication Number Publication Date
CN106953843A (en) 2017-07-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20170714)