• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

J4 ›› 2015, Vol. 37 ›› Issue (10): 1831-1835.

• 论文 • 上一篇    下一篇

基于用户身份标识的外设访问控制方法

陈松政,魏立峰   

  1. (国防科学技术大学计算机学院,湖南 长沙 410073)
  • 收稿日期:2015-02-20 修回日期:2015-05-25 出版日期:2015-10-25 发布日期:2015-10-25
  • 基金资助:

    国防预研重点基金资助项目(9140A15070213KG01043)

Peripheral access control based on user identity  

CHEN Songzheng,WEI Lifeng   

  1. (College of Computer,National University of Defense Technology,Changsha 410073,China)
  • Received:2015-02-20 Revised:2015-05-25 Online:2015-10-25 Published:2015-10-25

摘要:

针对现有设备访问控制方法控制粒度粗、控制方式单一的问题,提出一种基于用户身份标识的外设访问控制方法。该方法利用角色外设访问控制列表、用户组外设访问控制列表、用户外设访问控制列表实现了对外设的灵活、细粒度控制。结合Linux操作系统进行了结构设计和实现,通过设备特征数据库实现对各种外设的甄别,通过策略数据库实现对外设的角色、用户组和用户控制,通过访问仲裁实现对外设的灵活访问控制,并对所有操作进行审计。最后,通过功能测试验证了方法的有效性,分析了方法的特点。

关键词: 外设, 访问控制列表, 角色控制, 安全策略

Abstract:

With respect to the coarse granularity and simplicity of the existing equipment control methods, we propose a peripheral access control method based on user identification, which can achieve a flexible and fine-grained access control for peripherals by using peripheral role access control lists, user group peripheral access control lists and user peripheral access control lists. Based on Linux operating system, we design and implement a framework, in which we utilize a peripheral feature database to identify a variety of devices; a policy database to define access permissions in connection with roles, user groups and users; and an arbitration procedure to check the accesses of peripherals. Finally, the functions are tested to verify the validity of the method and the features of the method are analyzed.

Key words: peripheral;access control list;role based access control;security policy