Research On Theory And Application Of Access Control Based On Resources

Posted on: 2011-10-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L S Wang
GTID: 1118330338995704
Subject: Computer application technology
Abstract/Summary:
In modern computer systems and networks, the behaviour of processes is restricted by security policies such as access control. On the one hand, access control policies require that a process have a security level, a right or a role, or accomplish some mission, before it can access an object. On the other hand, the behaviour of processes is restricted by the running environment, for example the hardware devices or the IP address bound to the computer's network adaptor. In this thesis, the concept of access control resources is proposed to give a uniform description of these security levels, rights, roles, and the computer and network environment. Access control systems based on this concept are expressed as follows: if a process wants to execute an action, it must hold some access control resources and use them while executing the action, and after the action has executed some resources may be consumed. To describe and study this computational phenomenon, a process algebra named the resources usage and consumption calculus system, RUCCS for short, is proposed in this thesis.

The syntax and semantics of RUCCS are defined; its behaviour theory, logical character and applications are also studied. The main work and contributions of this thesis are as follows:

1) The concept of access control resources is proposed; this concept can establish a uniform description for current access control models. The characteristics of processes running in concurrent, distributed environments with access control policies are studied; the security level, rights, roles and running environment of a process are abstracted into resources, and all access control models can be unified based on this concept of resources, i.e., the rules of an access control model can be described as using a certain resource to make the access decision for an access action.

2) A calculus with resource usage and consumption is proposed. Based on the theory of concurrency, in order to model the computational phenomenon in which the evolution of a process must use and consume resources, a calculus of resource usage and consumption is proposed; its syntax, induction semantics and structural operational semantics are defined, and the harmony theory of the two semantics is proved. Compared with the classical process algebra CCS, RUCCS introduces the usage and consumption of resources, which brings three significant changes. First, a Boolean expression is added before the action prefix of a process, describing that the action can be executed if the Boolean expression is satisfied. Second, the concept of a resource environment is proposed to describe and record the dynamic change of a process's resources; concretely, it includes the information on the process's resource usage and consumption. Third, a process identifier is defined for every process. The process identifier is the "identification card": a process in RUCCS is the executor of actions, and the process identifier is the owner of resources. These changes make RUCCS more complex than CCS.

3) The concept of weak bisimulation based on the set of observation abilities is proposed, and its properties are studied. The behaviour theory of RUCCS is studied by defining bisimulation relations between systems. Because the resources a process possesses determine which actions it can execute by using and consuming resources, the provision of resources to a process determines the interaction ability of the process, or observation ability: which actions of a process can be observed by another process, i.e., the ability of a process to communicate with another process. On this view, observation bisimulation based on the set of observation abilities is proposed, in both strong and weak styles, and its properties are studied.

4) The logical characteristics of RUCCS are studied based on Hennessy-Milner logic, together with the relationship between behavioural equivalence and logical equivalence.

5) A uniform access control framework is established based on RUCCS; the specifications of existing access control models can be described by instantiating resources, which shows that RUCCS has powerful expressive ability.

6) RUCCS is used to study other typical process algebras, such as a process calculus with distance-limited communication, a calculus for costed computations and a secure process algebra. This also shows that RUCCS has wide applicability.
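A minimal Python sketch of the idea summarized above: guarded action prefixes, a resource environment, and process identifiers as the owners of resources. It is an added illustration, not the syntax or semantics of RUCCS from the thesis; the class names, the resource names and the reduction of the Boolean guard to "holds at least n of each listed resource" are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class ResourceEnv:
    """Resource environment: what each process identifier currently owns."""
    owned: dict = field(default_factory=dict)  # pid -> {resource: count}

    def holds(self, pid, need):
        have = self.owned.get(pid, {})
        return all(have.get(r, 0) >= n for r, n in need.items())

    def consume(self, pid, used_up):
        for r, n in used_up.items():
            self.owned[pid][r] -= n

@dataclass(frozen=True)
class Guarded:
    """Guarded action prefix: the action fires only if the guard holds."""
    action: str
    uses: dict      # resources that must be held (assumed guard form)
    consumes: dict  # resources used up when the action executes

def step(env, pid, prefix):
    # The process must hold everything it uses and everything it consumes.
    if not (env.holds(pid, prefix.uses) and env.holds(pid, prefix.consumes)):
        return False
    env.consume(pid, prefix.consumes)
    return True

def run(env, pid, prefixes):
    """Run a sequential process; return the actions that fired before blocking."""
    trace = []
    for p in prefixes:
        if not step(env, pid, p):
            break
        trace.append(p.action)
    return trace

def demo():
    # Constructed sample: a role is a resource that is used but never consumed,
    # a print quota is a resource that each action uses up.
    env = ResourceEnv({"p1": {"role:auditor": 1, "print_quota": 2},
                       "p2": {"print_quota": 5}})
    read_log = Guarded("read_log", {"role:auditor": 1}, {})
    print_page = Guarded("print", {"role:auditor": 1}, {"print_quota": 1})
    t1 = run(env, "p1", [read_log, print_page, print_page, print_page])
    t2 = run(env, "p2", [read_log])  # p2 owns quota but not the role
    return t1, t2, env.owned["p1"]

if __name__ == "__main__":
    print(demo())
```

The role-based check and the quota check go through the same `holds` test, which is the sense in which different access control models become instantiations of resources.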
Keywords/Search Tags: access control, resources, behaviour equivalence, process algebra