访问控制技术宣讲人：孙婷婷

Download PPT Report

Upload
scarlett-mckay
View
71
Download
0

Embed Size (px)

DESCRIPTION

访问控制技术宣讲人：孙婷婷. 主讲内容. 访问控制基本原理自主访问控制强制访问控制基于角色的访问控制. 访问控制的基本原理. 访问控制（ access control ）是实现既定安全策略的系统安全技术，其目标是防止对任何资源（计算资源、通信资源和信息资源）进行非授权的访问。访问控制系统一般包括：主体（ subject ）：发出访问操作、存取要求的主动方客体（ object ）：主体试图访问的资源安全访问策略：一套规则，主体是否对客体有访问能力访问控制功能组件包括：. 执行访问请求. 提交访问请求. 发起者. - PowerPoint PPT Presentation

Citation preview

access controlsubjectobject

AEFADF
coarse grainedmedium grainedfine grained
2070
123412JohnOwnRWOwnRWInquiryCreditAliceROwnRWWRInquiryDebitInquiryCredit

BobR

WROwnRWInquiryDebit
capability listprofiles listpassword
JohnAliceBob

1OwnRW

3OwnRW

1OwnRW

3OwnRW

1OwnRW

3OwnRW

1OwnRW

3OwnRW

1OwnRW
access control listACL
2314

AliceOwnRW

BobR

JohnOwnRW

AliceOwnRW

AliceR

BobOwnRW

JohnOwnRW

AliceR

BobRW
HRUTAMATAM
BLPBiba
so(s)(o)*-so(s)(o)*-*-
TSSCUTSR/WWWWSRR/WWWCRRR/WWURRWR/W
BibaBLPBibaso(s) (o)*-so(s)(o)

TSSCUTSR/WRRRSWR/WRRCWWR/WRUWWWR/W
RBAC202090NISTRBACDACMAC RBAC
RBAC
NISTRBACRBACRBAC4RBACRBAC 5usersrolesOBSOPSPRMSRBACsession
UsersrolesOPSOBSUAusersrolesAssigned_users:(r:roles)2usersrAssigned_users(r)={u users|(u,r) UA}.PRMS=2(OPS OBS)PAPRMSrolesSessionsUser_sessionsuSession_rolessAvail_session_permss
RBACRBACRBAC2001(static separation of duty relations , SSD)/RBAC2001UAUASSD1
dynamic separation of duty relations , DSDDSD

rbac*RBACRBAC*RBACRBAC*ABA*SSDrole_set,nn*SSDDSD.DSDrole_set,nn*