Title: A Rule-Based, Decentralized Approach to Secure Information Sharing
Author: 徐嘉宏
陳俊穎
Institute of Computer Science and Engineering
Keywords: information sharing; security; label; tool
Publication date: 2004
Abstract: As the Internet becomes a ubiquitous environment where people with different backgrounds and purposes can share their information, information security and privacy have become an increasingly critical issue. With poor protection, information systems may leak sensitive information to the open public. To reduce such risks, many security mechanisms and technologies have been proposed and developed. Most of these approaches rely on a mixture of label-based access control and information flow mechanisms. Specifically, they enforce various security policies by attaching suitable labels to information as well as users, and grant data access based on these labels. However, many labeling approaches require complicated managerial effort in order to set up and enforce security policies correctly. In addition, they focus primarily on labeling data without paying much attention to the sharing tools that process these data. As a result, whether a given tool can access a piece of data depends on who is invoking the tool, making correct security management more challenging. In this thesis, we propose an information sharing model that permits controlling information flow in a flexible, decentralized manner, where each user can specify his/her own access hierarchy instead of relying on centralized security management. Based on the access hierarchy, each user can label both data and tools in a consistent manner, and can realize data declassification by restricting or relaxing the access level of individual tools. Finally, to reduce the overhead associated with individual data labeling, we introduce a rule-based labeling mechanism to associate data with their corresponding access levels. In summary, we believe our model is a unification of and improvement over existing access control mechanisms, and can contribute to secure information sharing over the Internet.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT009223609
http://hdl.handle.net/11536/76660
Appears in Collections: Thesis


Files in This Item:

  1. 360901.pdf
