| Access control is one of the most critical,core security services in information security.The user and the permission are key elements in access control.Studying the internal relations among users,among permissions and also the relations between the user and the permission helps us to define and enforce more reasonable access control policy and constraint policy.The constraint is considered to be the principal motivation of Role-Based Access Control;it mainly concerns the avoidance of sensitive combination of permissions or objects being assigned to the same user or same role which may result in a conflict of interest or commercial fraud.Chinese Wall security policy prevents accumulation of mutually exclusive objects to the same user.So,the relations among users,permissions or objects are also nontrivial research issue in the access control research area.Main contributions of this thesis are:1.We examined the original intention of Separation of Duty Constraints of RBAC and Chinese Wall security policy,then mined similar user clusters in access control,and on this basis proposed an approach of user cluster based access control constraint for risky permission set;finally,experimental results are provided to show the feasibility and effectiveness of the proposed approach.The proposed approach improves the flexibility of traditional access control constraints.It not only able to enforce traditional access control constraints like Separation of Duty Constriants of RBAC and Chinese Wall security policy,but also effectively prevents that similar users conspire to attack the application system.2.We developed a system,Attribute-Based Access control system with constraints,which is based on the access control constraint approach proposed in our thesis.in our system,we used Bron-Kerbosch overlapping clustering algorithm to mine and cluster similar users;user`s similarity is based on user attributes.Finally rendered access control decision according to similar user clusters and the risky permission set. |
PDF Full Text Request