Paper:
Quantitative Analysis Method of EXRBAC Model with N-Dimensional Security Entropy
Likun Cai*, Yaping Dai*, Qian He*, Linhui Zhao**, and Xiangyang Liu*
*School of Automation, Beijing Institute of Technology
No.5 Zhongguancun South Street, Haidian District, Beijing 100081, China
**College of Mechanical and Electrical Engineering, Beijing Union University
Baijiazhuang Xili Street, Chaoyang District, Beijing 100020, China
On how to evaluate the performance of access control models, a method of N-dimensional security entropy is described in this paper. According to the definition and description of the information entropy in information theory, the definition of the One-dimensional Security Entropy is introduced and the one-dimensional security entropy in Discretionary-access Control model is discussed firstly. Then the N-dimensional security entropy is extended based on the unauthorized access, and by means of the N-dimensional security entropy, the quantitative security performance is measured in RBAC model. In order to measure the security of management information system with complex role level, an extension of RBAC access control (EXRBAC) model is presented in this paper, which could get quantitative analysis with N-dimensional security entropy methods. Through analyzing and comparing the security performance of these three access control models, it is shown that the EXRBAC model performance is improved in multi-class and multi-level roles condition.
- [1] F. Hong, “Access Control,” Wuhan: Huazhong University of Science and Technology Press, 2010.
- [2] H. Y. Liu, J. L. Fan, and J. F. Ma, “Research advances on access control,” Mini-Micro Systems, Vol.25, No.1, pp. 56-59, 2004.
- [3] Y. X. Jiang, C. Lin, H. Yin, and Z. X. Tan, “Security analysis of mandatory access control model,” IEEE Int. Conf. on Systems, Man and Cybernetics, 2004.
- [4] L. Tan and M. T. Zhou, “Implementing Discretionary Access Control with Time Character in Linux and Performance Analysis,” J. of Electronic Science and Technology of China, Vol.4, No.3, pp. 274-280, 2006.
- [5] R. S. Sandhu, E. J. Coyne, and H. L. Feinstein, “Role-base Access Control Models,” IEEE Computer, Vol.29, No.2, pp. 38-47, 1996.
- [6] C. E. Shannon, “A mathematical theory of communication,” Bell System Technical J., Vol.26, No.3, pp. 379-423, pp. 623-656, 1948.
- [7] C. Wang and X. Y. Chen, “An approach for security analysis to access control policy based on Entropy-Weigh,” ATCA Electronica Sinica, Vol.4, No.1, pp. 47-51, 2013.
- [8] Z. Y. Fu, “Foundation and application of information theory,” [M]. Electronic Industry Press, 2007.
- [9] V. P. Singh. J. G. Zhang, “Information entropy theory and its application [translate],” Beijing: China Water Power Press, 2012.
- [10] Y. K. Zhu, Z. Y. Wang, J. C. Ren, et al., “Research on an entropy-based information security analysis method,” Computer Engineering & Science, Vol.31, No.1, pp. 28-30, 2009.
- [11] D. Denning, “A lattice model of secure information flow,” Communications of the ACM, Vol.19, No.5, pp. 236-243, 1976.
- [12] C. Wang and X. Y. Chen, “A conspire-accesses risk control model based on information flow graph,” Computer Engineering, Vol.39, No.8, pp. 173-176, 2013.
This article is published under a Creative Commons Attribution-NoDerivatives 4.0 Internationa License.