Research paper on access control technology
Abstract: Access control technology is an important technology for ensuring the security of information systems. This paper introduces the elements, components and principles of access control, and studies four main access control technologies: discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC) and task-based access control (TBAC). Finally, the full text is summarized and the development trend of access control technology is pointed out.

Keywords: access control; Role access control; Task access control

I. Concepts and principles of access control

Access control, which originated in the 1960s, is an important information security technology. It describes a security system and establishes its security model from the standpoint of controlling access. The ability and scope of access are explicitly granted or restricted by some means, so as to limit access to key resources and to prevent damage caused by intrusion by illegitimate users or by inadvertent operations by legitimate users. Access control generally includes three elements: subject (abbreviated as S), object (abbreviated as O) and control policy (abbreviated as K). The subject is the active party that issues access operations and access requests, usually a user or a process. Objects are information entities, that is, the information and resources in the system; they can be files, data, pages, programs, etc. The control policy is the set of operations and constraints that apply to subjects acting on objects; it stipulates which subjects can access which objects and what access rights they have. The relationship among the three elements of the access control system is shown in figure 1.

When the subject submits a series of normal requests, they pass through the entry point of the information system and reach the monitor, which is governed by the control rule set; the control policy decides whether to allow or reject each request. The first step is therefore to establish that the subject is legitimate and not an impostor, that is, to authenticate the subject. A subject can access an object only after authentication, but authentication alone does not guarantee the right to operate on the object. The specific constraints that an object places on a subject are governed by the access control list, and authentication of the subject generally verifies the user's identity and password. The purpose of access control is to restrict the access rights of the accessing subject to the accessed object. To achieve this, access control must complete the following two tasks:

(1) Identify and confirm users accessing the system.

(2) Decide what access rights users can have to system resources [1].

In GB/T 187994.3, some basic functional components required by the access control system are defined, and the communication state between functional components is described.

The functional components of access control include four parts: the initiator, the access control enforcement function (AEF), the access control decision function (ADF) and the target. The initiator is the user of system resources in the information system and is the subject in the access control system. The target is the computer-based or communication-based entity that the initiator accesses or attempts to access, and is the object in the access control system. The AEF acts as the communication bridge between the initiator and the target. It must carry out these actions in accordance with the authorization decisions it obtains by querying the ADF, and it can be said to be the core of access control in information systems. The ADF judges the initiator's access request on the basis of a set of security access policies.

II. Discretionary access control technology

Discretionary Access Control (DAC) first appeared in time-sharing systems in the early 1970s. It is the most commonly used access control technology in multi-user environments and is widely used in today's popular operating systems. The DAC model is based on a discretionary access policy: it allows legitimate users, acting as users or as members of user groups, to access the objects specified in the policy, while preventing unauthorized users from accessing them. The owner of an object (that is, the resource owner) has full authority to manage access authorization for the object and has the right to disclose or modify the object's information. For this reason, some scholars call DAC owner-based access control. To improve efficiency, the system does not store the whole access control matrix, but implements access control based on the rows or the columns of the matrix.

The defining characteristic of discretionary access control is that, once the owner of a resource grants access rights to other users or user groups, the authorized users can access the resource independently or pass the rights on to other users. Its disadvantages are that resource management is decentralized; that the relationships between users cannot be reflected in the system, which makes it difficult to manage; and that information leaks easily, so it cannot resist Trojan horse attacks.

III. Mandatory access control technology

Mandatory Access Control (MAC) first appeared in Multics, a secure operating system jointly developed by AT&T and MIT in 1965, and was adopted as one of the main evaluation criteria for B-level security systems in the US Department of Defense's 1983 Trusted Computer System Evaluation Criteria.

The MAC model is a multilevel access control policy model. Its main feature is that the system enforces access control on both the accessing subject and the controlled object. In the commonly used form of mandatory access control, the trust level of each user and the security level of each resource are defined in advance. When a user requests access, the system compares the two to determine whether the access is legitimate. In a mandatory access control system, all subjects (users, processes) and objects (files, data) are assigned security labels, which identify their security level.

Under a mandatory policy, authorization to access a resource is determined by the relevant attributes of the resource and the user, or is specified by a particular user (usually a security administrator). Its characteristic is that it stipulates, on a mandatory basis, that users must or must not access certain resources or perform certain operations; in other words, access to objects is enforced on a mandatory basis. At present, mandatory access control is mainly used in military systems or systems with high security requirements [2]. Mandatory access control has a certain resistance to Trojan horse attacks: even if a user process is illegally controlled by a Trojan horse, confidential information cannot be spread at will. Its disadvantages are mainly that it is inflexible to use and has a narrow field of application. In addition, mandatory access control does not pay enough attention to the manageability of authorization: it is heavyweight, inconvenient and inflexible to manage, places too much emphasis on confidentiality, and does not fully consider the system's ability to keep working continuously.
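The contrast drawn in sections II and III, as an added example that is not part of the original paper: a toy DAC monitor that stores one column of the access matrix per object, next to a MAC monitor that compares labels. The subjects, file names, two-level lattice and the no-read-up/no-write-down rule (Bell-LaPadula style) are assumptions of the example; the paper itself only says that the levels are compared.

```python
# Added illustration: toy DAC and MAC monitors. All names and levels are constructed.
LEVELS = {"public": 0, "secret": 1}   # assumed two-level lattice

class DacSystem:
    """DAC: each object keeps one column of the access matrix (its ACL)."""
    def __init__(self):
        self.owner, self.acl, self.data = {}, {}, {}

    def create(self, subject, obj, content=""):
        self.owner[obj], self.data[obj] = subject, content
        self.acl[obj] = {subject: {"read", "write"}}

    def grant(self, subject, obj, grantee, rights):
        if self.owner[obj] != subject:   # only the owner may edit the ACL
            raise PermissionError("not the owner")
        self.acl[obj].setdefault(grantee, set()).update(rights)

    def allowed(self, subject, obj, right):
        return right in self.acl.get(obj, {}).get(subject, set())

class MacSystem:
    """MAC: the system compares fixed labels; an owner cannot change the result."""
    def __init__(self, clearance, label):
        self.clearance, self.label = clearance, label

    def allowed(self, subject, obj, right):
        s, o = LEVELS[self.clearance[subject]], LEVELS[self.label[obj]]
        # Assumed Bell-LaPadula style rule: no read up, no write down.
        return s >= o if right == "read" else s <= o

def leak_under_dac():
    dac = DacSystem()
    dac.create("alice", "plan.txt", "merger terms")
    before = dac.allowed("mallory", "plan.txt", "read")
    # Any program alice runs carries her identity, so the monitor treats
    # its requests as hers: it may copy her file and grant the copy onward.
    dac.create("alice", "copy.txt", dac.data["plan.txt"])
    dac.grant("alice", "copy.txt", "mallory", {"read"})
    return before, dac.allowed("mallory", "copy.txt", "read")

def leak_under_mac():
    mac = MacSystem({"alice": "secret", "mallory": "public"},
                    {"plan.txt": "secret", "drop.txt": "public"})
    return (mac.allowed("alice", "plan.txt", "read"),      # same level: allowed
            mac.allowed("alice", "drop.txt", "write"),     # write down: refused
            mac.allowed("mallory", "plan.txt", "read"))    # read up: refused
```

Under DAC every individual request is authorized, yet the content ends up readable by a user the owner never chose; under MAC the same process cannot move the content to a lower level, which is the resistance to Trojan horses described above.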

IV. Role-based access control technology

The role-based access control (RBAC) model is a popular, advanced security access control model. The concept of RBAC originated in the multi-user, multi-computer systems of the 1970s. In 1992, D. Ferraiolo and R. Kuhn formally defined the RBAC model on the basis of the existing RBAC concept. By introducing the concept of a "role", the RBAC model decouples the subjects and objects of access control from the corresponding permissions. The basic concepts in RBAC include users, roles, permissions and sessions.

The basic idea of the RBAC model is to introduce the concept of a role between users and permissions, and to use roles to logically isolate users from permissions. A role is the collection of operations that an access subject can perform, or services that it can access, in the system. The biggest advantage of RBAC lies in simplified management. Once an RBAC system is established, the main management work is to grant or revoke users' roles. In an RBAC system, permissions are not assigned directly to users; they are first assigned to roles, and the system then assigns certain roles to users, so that users obtain the corresponding access rights through their roles. When the system's functions change or evolve, it is only necessary to delete the old functions from roles, add new functions, or define new roles, without updating the permission settings of each user, which greatly simplifies the management of permissions.
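The four RBAC concepts named above (users, roles, permissions, sessions), as an added example that is not part of the original paper. The class, the role names and the objects are constructed for illustration; the rule that revoking a role also removes it from open sessions is a design choice of this example.

```python
# Added illustration of users, roles, permissions and sessions; names are constructed.
class Rbac:
    def __init__(self):
        self.role_perms = {}   # role -> set of (operation, object) permissions
        self.user_roles = {}   # user -> set of roles the user holds
        self.sessions = {}     # session id -> (user, roles activated in it)

    def assign_permission(self, role, op, obj):
        self.role_perms.setdefault(role, set()).add((op, obj))

    def revoke_permission(self, role, op, obj):
        self.role_perms.get(role, set()).discard((op, obj))

    def assign_role(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user, role):
        self.user_roles.get(user, set()).discard(role)
        for owner, active in self.sessions.values():
            if owner == user:
                active.discard(role)   # assumption: revocation reaches open sessions

    def open_session(self, sid, user, roles):
        roles = set(roles)
        if not roles <= self.user_roles.get(user, set()):
            raise PermissionError("user does not hold every requested role")
        self.sessions[sid] = (user, roles)

    def check(self, sid, op, obj):
        _, active = self.sessions[sid]
        return any((op, obj) in self.role_perms.get(r, set()) for r in active)

def demo():
    r = Rbac()
    r.assign_permission("teller", "read", "ledger")
    r.assign_permission("auditor", "read", "audit_log")
    for user in ("ann", "bob"):
        r.assign_role(user, "teller")
    r.assign_role("ann", "auditor")
    r.open_session("s1", "ann", ["teller"])   # ann activates only one of her roles
    r.open_session("s2", "bob", ["teller"])
    out = [r.check("s1", "read", "ledger"), r.check("s1", "read", "audit_log")]
    # The system's functions change: edit the role once, touch no user record.
    r.revoke_permission("teller", "read", "ledger")
    r.assign_permission("teller", "read", "ledger_v2")
    out += [r.check("s1", "read", "ledger"), r.check("s2", "read", "ledger_v2")]
    r.revoke_role("bob", "teller")
    out.append(r.check("s2", "read", "ledger_v2"))
    return out
```

The second result is refused even though ann holds the auditor role, because a session carries only the roles activated in it.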