Collaboration supported mandatory access control model

Cited by: 0
Authors
Fan, Yanfang [1]
Cai, Ying [1, 2, 3]
Affiliations
[1] Computer School, Beijing Information Science & Technology University, Beijing
[2] State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing
[3] Beijing Key Laboratory of Internet Culture and Digital Dissemination Research, Beijing
Source
Jisuanji Yanjiu yu Fazhan/Computer Research and Development | 2015 / Vol. 52 / No. 10
Keywords
Active security model; Collaboration; Information flow; Mandatory access control; Task;
DOI
10.7544/issn1000-1239.2015.20150574
Abstract
Under the national classified protection scheme for information systems, information systems whose levels are above three must provide mandatory access control and labeling. Because of their rigid access control rules, existing mandatory access control models have difficulty satisfying the new requirements of collaborative environments. In this paper, we first analyze the requirements of access control in a collaborative environment. We then propose access control policies based on a very popular scenario. Next, we propose a mandatory access control model that supports collaboration and prove the security of the model using noninterference theory. Finally, we compare this model with other related models and use an application example to show how the model is applied. In general, this model integrates task-centric access control with subject-object-centric access control. The flexibility of the model is greatly enhanced, and the model can be considered an active access control model that is better suited to collaborative environments. By controlling the security labels of subjects and objects, the problem of bi-directional information flow that complies with security policies is solved. © 2015, Science Press. All rights reserved.
Pages: 2411-2421
Number of pages: 10
Related papers
17 in total
[1] Tolone W., Ahn G.J., Pai T., et al., Access control in collaborative systems, ACM Computing Surveys, 37, 1, pp. 29-41, (2005)
[2] Thomas R.K., Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments, Proc of the 2nd Workshop on Role-Based Access Control, pp. 13-19, (1997)
[3] Thomas R.K., Sandhu R.S., Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management, Proc of the IFIP WG11.3 Workshop on Database Security, pp. 13-19, (1997)
[4] Oh S., Park S., Task-role based access control (T-RBAC): An improved access control method for enterprise environment, LNCS 1873: Proc of the 11th Int Conf on Database and Expert Systems Applications, pp. 264-273, (2000)
[5] Sandhu R.S., Coyne E.J., Feinstein H.L., et al., Role-based access control models, IEEE Computer, 29, 2, pp. 38-47, (1996)
[6] Georgiadis C.K., Mavridis I., Pangalos G., et al., Flexible team-based access control using contexts, Proc of the ACM Symp on Access Control Models and Technologies, pp. 21-27, (2001)
[7] Zhai Z., Research on access control modeling in enterprise-level collaborative environment, (2012)
[8] Bijon K.Z., Sandhu R.S., Krishnan R., A group-centric model for collaboration with expedient insiders in multilevel systems, Proc of the 2012 Int Conf on Collaboration Technologies and Systems, pp. 419-426, (2012)
[9] Yan X., Geng T., Fused access control scheme for sensitive data sharing, Journal on Communications, 35, 8, pp. 71-77, (2014)
[10] Yao Z., Xiong J., Ma J., et al., Community field-centric trust-based access control model, Journal on Communications, 34, 9, pp. 1-9, (2013)