Security代写:COMP3446 Intelligent Access Control Security

设计一种安全的访问控制模型,完善现有的访问控制方法的缺陷。

Project description

Traditionally, access control policies were described as a set of fixed rules governing access by users on sensitive resources. Over time, policies have become more dynamic, both in their ability to utilise dynamic information from the domain environment and in the sense that different policies can be employed, depending on environmental factors. Recently, there has been advancement in the area of intelligent access control, where the rules of the policy learn and adapt depending on knowledge gleaned from the environment over time. This project will focus on the creation of a system with an intelligent access control policy. The student will be able to create both their own intelligent access control policy and a scenario in which to enforce the policy.

Requirement

You would need to look into access control models and access control policy languages to identify a way to express rules that contain the elements you want to include in your rules. At a basic level, an access control rule is a triple (subject, object, action), where the subject (i.e. user) is permitted or not permitted to perform the action on the object. This basic structure would not be suitable for you, since such rules do not take into account dynamic data. This is needed for your rules because you want to specify things like users being allowed to access data if it is daytime or nighttime, for example. So the time would be an example of dynamic data.

A model that would be useful to look at is the Attribute-based Access Control model.

A popular language for expressive access control specifications is XACML. This allows you to use any kind of data in your rules.

Make sure to focus on the key aspect of your project, which is the ability for the access control rules to automatically change and adapt to the environment. You need to design an access control system which can do this. An example of this is in the following paper: http://www.informatica.si/index.php/informatica/article/view/170

In this work, the system learns various things about the users and raises an alarm if it detects abnormal behaviour. For example, for each user, it learns how long it takes for the main entrance door of their workplace to close when they enter it. If, one day, the door takes longer to close than the amount of time learnt by the system, it will raise an alarm. This could mean that it is not them entering, or that another person has entered the building who may not be authorised to enter.

Your system should be able to monitor and learn from the environment and based on that, build or adjust rules. The elements required for the rules is up to you. Also, the number of rules is not important. What is important is the capability of the system to learn and build/adjust rules - this is the “intelligent” aspect of the project. You may be able to show that this aspect is good with just a few rules.