25 201002666
1 1.1,,.,.,... ( RBAC),.RBAC,.,,. [1].,,.,.,2016 1. 12,,,.. IC [2]. IC,,,,.,.. RBAC,.,. 4
5 1.2,,.,., [3]..,..,,. [9].,. 1.3 1.3.1 RBAC [4].,.,,. ID, RoleSet
RBAC,.
2 2.1 (subject) (object) R(Read: ),W(Write: ),RW(Read+Write: ), (Phi: ) 4 [4]. 2.1: 2.1.1 (subject). 2.1.2 (object),. 7
8 2.1.3 (Community),,...,, ( ).. Community Based Access Control Model. 2.2 Covert Channel 2.2.1 Covert Channel, (Object: ) (Permission: ) (Subject:, ),. Covert Channel... S2 O1. 1. S1(Subject) O1(Object). 2. S1 O1 O2(Object). 3. S2(Subject) O2. 4. Covert Channel O1 S2..
9 2.2: Covert Channel 2.2.2 Covert Channel Covert channel, (Covert Channel),.,,. Covert Channel. WWW covert Channel. Covert Channel. 2.2.3,..,permission(read,write, read, write), subject( ), Object( ) 3,. 2.2.4 Covert Channel Covert Channel. 4,.3,Read.
10, Covert Channel.. Covert Channel,, 2.3 (a)(b)(c)(d) Covert Channel. 1. (S1,O1) READ 2. (S1,O2) WRITE 3. (S2,O1) READ 4. (S2,O2) READ,,(a) (d) Covert Channel. 2.3: 2.3,,.
11.,., SNS,,.,..,.,.. 2.4: object 2, O1,O2,O3, O4. 2.4 2.4.1 (, ),,(, ).. 2,, 2 [10].,,,,,,,,.
12 2.4.2 V E G = (V, E). V 2, ( ).,. 2.5:,,,.2.5(1) 1, a, 2, d, 4,. 4 1. (2) 1, a, 2, d, 4,.... u v v u u v. 2..,.(.2.6),.(.2.7).(.2.8)
2.6: c 2.7: b 2.8: 4
14,., 1,.,. E, e E. G, E G E G E. 2.4.3 e w(e) G = (V, E) G v 0, v 0 G., v w. v 0, v w v w... a a. 2.9: 1956.,.,
15. G = (V, E) v 0, G v V v 0 v δ (v) 0,. δ (v) δ (v 0 ) v v 0 δ (v)=+.. G.,. v 0 δ (v 0 )=0., v v. v v 0 v v. Pre(v), v Pre(v)=,...2.9. (1) a b,d (a,b), (a,d),. ( a) Pre(b)=a,Pre(d)=a. (2) c 3, ( ). Pre(c)=a. (3) e,. Pre(e)=b.
16 2.10: 2.5 2.5.1 G=(V,E). c:v C. (v, w) E 2 v, w V c(v) c(w). C,,., P P..., L : V 2 c. G c, v V c(v) L(v) G
17. v V L( )=C.c. 2.5.2,. V, O i1...o i1 V O j V (O i1, O j ),..., (O ik, O j ). ACL. ACL read., C.,ACL, S i C O j V read,s i L(O j ) O j S i..2.4, ACL.
18 2.11: ACL S i O j read O j S i..2.5 O 1,O 2,O 3 S 1., O 4 O 1,O 2,O 3 S 1 O 4 S 1.,S 1 / L(O 4 ),ACL S 1 O 4 read,.,. : P. P = v v (u i, v),..., (u k, v) u i c(v)=c(u i ).. 2.5.3.,O 1,O 2 O 4,O 1,O 3 O 4. O 1,O 2,O 3 O 4, O 1,O 2,O 3 O 4..
19 2.12: 2.6 2.6.1 2 [5]. 2.. H=(V,E). V,E 2 V V. 2.6.2 H=(V,E) V E. V 2 S,T (S,T). 2.13: 2.7 2.7.1,.
20,,,,,.,. 2.7.2 IC IC,,,,, (, ).,. 4. 2.7.3.. 2,... 2.14:.
2.15:,,. 2.16:.
3 3.1,, [5].., ACL 3.2. 3.1: ACL read ACL 22
23, ACL. (O1,O2) (O5),(O3,O4) (O5) O1 O2 S0,O3 O4 S3 O5 S0 S3. (O5,O6),(O7),O6 S3,O7 L S3 O5 S0 O5 O6 S3 O7 S3. O5 S0 S3.,.
[1] : pp. 5-6 (2009)
[2] , http://www.cas.go.jp/jp/seisaku/bangoseido/
[3] : , , pp. 2-8 (2012)
[4] Avita Katal, Pranjal Gupta, Mohammad Wazid, R.H. Goudar, Abhishek Mittal, Sakshi Panwar and Sanjay Joshi: Authentication and Authorization: Domain Specific Role Based Access Control Using Ontology, Proc. Intelligent Systems and Control (ISCO), pp. 439-444, Jan. 2013
[5] : (2011)
[6] Rick Kuhn: Role Based Access Control, Proc. Information Technology Council (ITI), pp. 6-13 (2013)
[7] : , (2005)
[8] : pp. 25 (2013)
[9] " ", http://157.14.215.152/page/library/kaihou/2406_03_mynumber.html
[10] , , , , : , (2012)