| With the development of office automation, files become increasingly an important role in the information systems of the government and enterprises. Disclosure or improper usage of the file information may lead to a huge risk and loss. Therefore, how to ensure the security of the files during their entire life cycle is significant theoretically and practically.This paper presents a cluster of usage control models for files and then implements a prototype system, which solves the security control problem for files during the entire life cycle using traditional access control technologies in the network environment. The main contributions in this paper are as follows:1) A cluster of file usage control models FUCON (File Usage Control Models) is proposed, which is based on the UCON (Usage Control), and then analyzes the security of the model. FUCON consists of one basic model FUCONO and three extended model FUCON1, FUCON2and FUCON3. FUCON1is applicable to the usage of the files which are in the internal network environment, and it provides dynamic authorization and continuity of access decision evaluation for the usage of the files, which could ensure the security and the legitimacy of the internal users file in the whole process2) A file usage control system for INTRANET based on FUCON1is designed. The client and server side reference monitor (CSRM) is introduced into this system, which could ensure continuity of access decision evaluation for files in both online and offline. XACML is selected as the usage control policy language for files, which could increase the expressiveness and the flexibility of the usage control.3) Finally, the client-side and server-side programs of the file usage control system are implemented, and then the system is tested in functionality and performance. The test results show that the system can better ensure the security of the files before and after their distribution, and has better performance. |
PDF Full Text Request