| With the continuous development of information technology and its advance of construction,information systems are widely used. Information security has become a key problem to aninformation system. Particularly in the important information systems which have a highersecurity level, the disclosure of sensitive resources would affect social stability indeed. Due tothe complex level in critical information systems’ resources, the diversity of the access terminaland the user behavior, it is difficult to meet a high level of security requirement in the existingaccess control mechanisms.Nowadays, the ideas to solve information security problems which start from theinformation system terminal user behavior have been widely accepted.This paper propose anaccess control model based on the environmental measures and behavior assessment byassessing the behavior of terminal user in information systems, provide dynamic andfine-grained access control for users’ behavior in information systems, ensure the security ofinformation systems. The works can be summarized as the following aspects:(1) To meet a high level of security access control requirements in important informationsystems under an open network environment, the proposed model based on environmentalmeasurements and behavioral assessments, combined with the user behavioral dynamicassessment to measure the users’ trusted level. Using security rules combined of the conditionrules and authorization rules achieved dynamic access control for resources access. Comparedwith existing models, the proposed access control model was better able to adapt to thecomplexity of the environment and variability of the users’ behavior.(2) The terminal computing platform environment has important impact on the trusted levelof user behavior, for the diversity and complexity of the platform environment, amulti-dimensional environment trusted measure method is proposed. Comprehensive measure ofthe environment was based on authentication trusted level and platform trusted level.Authentication trusted level was calculated by the compromised probability of authentication,compared with the trust assessment method based on expert experience and knowledge, theproposed method was more computable and reasonable. Platform trusted assessment wasweighted average of Performance of user and trusted level of platform internal property.Compared to the traditional trust model considering only consider the external manifestations,the proposed model was more comprehensive, and better reflect the platform’s trusted level.(3) User behavior directly affects the security of information systems, to against theproblem of current user behavior assessment methods are mostly based on single behaviorfeature and the results isolated proposed a user behavior assessment method based on Multi-Entity Bayesian network. The method uses a Multi-Entity Bayesian networks integrated ofenvironmental trusted level and properties of user behavior, such as behavior patterns, resourceaccess and system operating, comprehensive assessment of user behavior. This methodovercomes the shortcomings of one-sided, isolated of existing user behavior assessment method.Simulation indicated that the proposed user behavior assessment method in this paper has bettereffect.(4) Design and implement the access control prototype system based on environmentalmeasures and behavioral assessment, the scene simulation verified that the system has accesscontrol ability based on environmental measurements and behavioral assessments for users’access to resources. |
PDF Full Text Request