Title: | A Group-Oriented Access Control Model for Distributed Computations in Multilevel Secure Networks |
Authors: | 吳旭林 (Wu Shiuh Lin); 謝續平 (Shieh Shiuh Pyng); Institute of Computer Science and Engineering |
Keywords: | distributed computation; group-oriented access control model; multi-level security model |
Issue Date: | 1992 |
Abstract: | With the rapid development of distributed computations in computer networks and distributed systems, the need for information sharing among groups of users arises. Some shared resources may be accessed only by a group of users instead of individuals. Conventional access control mechanisms cannot support this type of access control because they only control the operations permitted on each resource by each subject (e.g., user, process). In this research, we present a model called "Group-Oriented Access Control Model" for secure distributed computations in a multi-level secure environment. Using this model, any legal subset of a group can access resources. On the other hand, any illegal subset of the group will be denied. It also provides isolation between unrelated computations, and ensures that the information flow in distributed computations follows the rules of a multi-level security model, such as the Bell-LaPadula model. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#NT810392063 http://hdl.handle.net/11536/56797 |
Appears in Collections: | Thesis |