一個安全控制系統的設計與應用

Abstract

我們設計了一個安全控制系統來監控資訊系統之運作。這個安全系統包含 了五個子系統：(一)確認和授權子系統：為對使用者身份鑑別與授權確認 的處理，它將使用者通行碼利用公開金匙密碼法與單程函數加密法予以加 密，以確保通行碼安全。(二)權限管理子系統：對不同使用者應給予不同 權限，繼承、授權、取消等皆依一套授權模式與規則來運作。(三)強制性 控制子系統：在資料解密前及資料解密後依使用者權限篩檢合法性資料 。(四)稽核驗證子系統：為防止加密資料被侵入更改，系統能偵測出來被 更改的資料，以保持資料一致性、整合性目的。(五)加解密子系統：以資 料欄位層次加解密，系統並且可以提供水平式資料存取控制與垂直式資料 存取控制之應用。此外，為防止推論式探詢資料庫機密，本論文建議利用 專家系統觀念，建立一個專家系統式安全推理機制來防制推論威脅。此推 理機制以前向式推理與後向式推理分析使用者輸入敘句，並擷取規則庫中 所儲存或導出的不同規則作為推理之憑藉。此推理機制可以視為安全控制 的附加系統。本論文所設計的安全控制系統，適用於固定記錄長度 (fixed record length)之資料庫應用系統，為了文字解說之便利，論文 中都以人事資訊系統為例說明其應用。在實作上，我們已完成一個可以在 個人電腦網路上多使用者運作的雛型系統，此安全控制系統除少部份屬次 要未完成外，大致上已完備，但是，推理機制的實作仍是相當簡陋，其運 作之效率猶待未來之研究。最後，為了解安全控制系統之存取控制的應用 與組織之關係，也從管理學之不同組織架構和職權分配等觀點探討存取控 制模式之適用性。 A security control system was designed to supervise secure operations of information systems. This system is composed of five subsystems:(1)Identification and Authentication Subsystem (IAS) utilizes public-key cryptography and a one-way function to protect users' passwords and to authenticate legal users. (2)Privilege Adminstrative Subsystem (PAS) manages the authorization, inheritance, and revocation of access privileges. (3)Mandatory Control Subsystem (MCS) prohibits data from flowing to illegal access. (4)Audit and Validation Subsystem (AVS) prevents ciphertext being intruded, detects modifications of ciphertext, keeps data consistent, and maintains database integrity. (5)Encryption and Decryption Subsystem (EDS) encrypts and decrypts data at the record field level, and provides applications of horizontal and vertical data access control. An inference mechanism was also suggested to prevent inference threat to database privacy and secrecy. An expert system was built to retrieve rules from a rule base to analyze users' predicates. The expert system can be considered as a supplementary subsystem to the security control system proposed in this thesis. The proposed design can be applied to any database system with fixed record length, though applications to personnel information systems were particularly given as examples throughout the using thesis. A prototype system was developed in a local area network personal computers, where the database was stored in the file server.The prototype system includes all the five subsystems and most of their functions described in the thesis were implemented, though the supplementary expert system is quite primitive and its efficiency remains to be investigated further. Finally, the managerial implicatons of the access control system were discussed from the aspect of organizational structures.