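Project title: Research on Access Control Decision Engine Optimization Techniques for Cloud Resource Integration
Project number: No.61202476
Project type: Young Scientists Fund project
Year of approval: 2013
Project discipline: Computer science
Project author: Wang Yazhe (王雅哲)
Author affiliation: Institute of Information Engineering, Chinese Academy of Sciences
Project funding: 230,000 yuan
Chinese abstract: Cloud computing resource integration scenarios place many security requirements on traditional access control decision engines, in areas such as whole-process control of policy state, autonomous system management, and intelligent, efficient response; the deep scientific problems behind these requirements are hard to break through using only the conventional theories and techniques of the field. This project establishes a full-lifecycle architecture for cloud resource access control policies, providing a goal-consistency verification mechanism for policy state transitions between the formulation, detection, deployment and decision phases. Drawing on the bionic mechanisms embodied in autonomic computing theory and immune computing theory, it designs, from the self-management perspective, an adaptive access control model based on a sensing-feedback control loop, giving the decision engine self-configuration and self-adjustment capabilities; from the runtime implementation perspective, it uses biologically intelligent features such as immune learning and immune memory to design intelligent decision algorithms and dedicated data structures for the engine; and, on the basis of integrating multi-level optimization techniques, it develops a prototype verification system for the access decision engine. The research seeks to use the innovative advantages of interdisciplinary work to provide new ideas and methods for research on next-generation access control technology in cloud computing scenarios, and has considerable theoretical significance and practical value.
Chinese keywords: access control; policy full-lifecycle management; decision engine optimization; autonomic computing; immune computing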
English abstract: Cloud computing resource integration scenarios place many security requirements on traditional access control decision engines, such as whole-process control of policy status, self-management, and intelligent and efficient response. These in-depth scientific issues cannot be solved by relying only on the general theory and technology of the authorization field. This proposal will establish a full-lifecycle architecture for cloud-based security policy that aims to provide a target consistency verification mechanism for policy status transitions among the design, detect, deploy and decision phases. The bionic mechanisms implied by autonomic computing and immune computing theories will be used extensively in this scheme. From the self-management point of view, it designs a self-adaptive access control model through a sensing and feedback control loop to provide the capacity for self-configuration and self-adjustment. From the implementation point of view, it designs an intelligent access control decision algorithm and proprietary data structures for immunological learning and immunological memory, and develops a prototype system of the decision engine based on the integration of multi-level optimization techniques. This research strives to utilise its multidisciplinary innovation advantage so as to provide new ideas and methods for the next generation of access con
English keywords: access control; policy lifecycle; decision engine optimization; autonomic computing; immune computing