
CN100490387C - Token-based fine granularity access control system and method for application server - Google Patents


Info

Publication number: CN100490387C
Authority: CN (China)
Prior art keywords: token, access, access control, security, business
Legal status: Expired - Fee Related
Application number: CNB2004101034711A
Other languages: Chinese (zh)
Other versions: CN1633084A
Inventors: 杨放春, 邹华, 李立, 苏森, 孙其博, 徐鹏, 龙湘明, 李静林
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Events: application filed by Beijing University of Posts and Telecommunications; priority to CNB2004101034711A; publication of CN1633084A; application granted; publication of CN100490387C; anticipated expiration; current status Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

A token-based fine-grained access control system and method for an application server. The system comprises: a business unit that needs to access resources and/or capabilities in the application server; a business agent unit made up of code whose security is guaranteed; a system resource/capability unit made up of file resources, network resources, database resources and other resources and/or capabilities; an access control unit made up of a sequentially connected access control checker, system security controller and security policy manager; and a token and data storage unit for controlling access, made up of a check result cache table, an access permission token table, a subject token table, a token index table and other security control tables. The components cooperate to carry out token-based fine-grained access control. The method not only controls all kinds of access operations effectively and improves the security of the application server, but is also efficient: while protecting the system it minimises the impact on the system's normal processing.

Description

Token-based fine-grained access control system and method for an application server

Technical field

The invention relates to a token-based fine-grained access control system for an application server and a method for implementing it, and belongs to the technical field of network communications.

Background

The next-generation network is a new type of converged network with a layered, open architecture, based on packet switching, that can simultaneously support multimedia services such as voice, video, data, text and images. Its main technical advantage is that network entities communicate through open protocols or API interfaces, which helps break the closed structure of traditional telecommunication networks and enables the convergence of heterogeneous networks.

An application server is a service provisioning system for the next-generation network whose main function is to provide an execution environment for business logic. A business runs in the business execution environment, and the business execution environment runs on a computer platform. In the present invention, a business is an application program that provides services to customers, where a customer may be a person or another program. Services a business can provide include online ticket booking, stock quote lookup, lookup of a service's billing information, setting up multi-party multimedia conferences, and providing mobile users' location information.

With the development of network technology and the growing number of online applications, more and more business and transactions are conducted over computer networks, and the accompanying information security problems such as data leaks and hacking have an increasingly visible impact on e-commerce and e-government. The security of information systems has become a focus of attention for both the industry and users.

Information security technology covers many areas, including cryptography, identity authentication, access control, intrusion detection, and risk analysis and assessment. In practice these technologies support and cooperate with each other, each addressing one aspect of the information security problem. At present, however, attention is concentrated on cryptography, identity authentication, intrusion detection and the like, and access control has not received the attention it deserves. In fact, access control is an indispensable security measure in an information security system and an important part of the security protection of an application server, and it is significant for protecting both the host hardware system and the application software system.

Access control technology originated in the 1970s, when it was mainly used to manage authorised access to shared data on mainframe systems. With the development of computer technology and applications, especially network applications, its ideas and methods were quickly applied throughout information systems. Over 30 years of development a number of important access control technologies have appeared; their common basic goal is to prevent unauthorised users from entering the system and authorised users from using system resources illegitimately. To this end, access control usually takes user identity authentication as its precondition and, on that basis, applies access control policies to control and regulate the behaviour of legitimate users in the system.

An access control system usually includes: the subject, the active party that issues an access or storage request; the object, the program the subject invokes or the data object it wants to access; and the security access policy, the set of rules that decides whether a subject may access an object.

At present the widely accepted mainstream access control technologies are discretionary access control, mandatory access control and role-based access control; each is introduced below.

The basic idea of discretionary access control (DAC) is that a subject in the system may, at its own discretion, grant all or part of the access rights it holds on an object to other subjects. It is generally implemented by building a system access control matrix. Traditional DAC offers limited protection. Although DAC has been implemented in many systems (UNIX, for example), its fatal weakness is that granted access rights can be passed on. Once an access right has been passed on it is hard to control, the management of access rights becomes very difficult, and serious security problems follow; moreover, whichever form of DAC is used, the system overhead is very expensive and hard to bear, and the efficiency is poor, so it can hardly meet the needs of large-scale applications, especially network applications.

Mandatory access control (MAC) stems from the requirement for information confidentiality and from the need to defend against attacks such as Trojan horses; MAC blocks direct or indirect illegitimate intrusion through access restrictions that cannot be bypassed. Every subject and object in the system is compulsorily assigned a fixed security attribute by the security officer (SO); this attribute decides whether a subject may access a given object, and users or user processes cannot change their own security attributes or those of other subjects or objects. Each subject in a MAC system is granted a security clearance and each object is assigned a sensitivity level. The two key access control rules are "no read up" and "no write down": information may only flow from a lower security level to a higher one, and any behaviour that violates this acyclic information flow is forbidden.

MAC was originally used mainly in military applications and is often combined with DAC: a subject may access an object only after passing both the DAC and the MAC checks. Because MAC imposes stricter access control on objects, it can prevent programs such as Trojan horses from stealing protected information, and it also guards against users accidentally leaking confidential information. It may, however, be powerless if a user leaks information deliberately; and because MAC adds access restrictions that cannot be bypassed, it reduces the system's flexibility and, in particular, cannot meet the requirements of fine-grained access control. In addition, although MAC as a multi-level access control system strengthens the confidentiality of information, it cannot enforce integrity controls; since information on the network needs integrity even more, this has limited the use of MAC in network applications.

With the rapid development of networks, especially the rise of intranets, higher demands are placed on the quality of access control services, which the two technologies above can hardly satisfy. DAC leaves part of the right to grant or revoke access rights to individual users, which makes it hard for administrators to determine which resources a user's access rights actually reach and hinders unified, global access control. MAC, for its part, over-emphasises confidentiality and gives insufficient consideration to other aspects such as the system's ability to keep running and the manageability of authorisation. Role-based access control (RBAC) therefore appeared in the 1990s.

RBAC introduces the important concept of the role. A "role" is the set of operations that a user or group of users may perform within an organisation. The basic idea of RBAC is that the access rights granted to a user are normally determined by the role the user holds in the organisation. A bank, for example, has roles such as teller, accountant and loan officer; because their duties differ, their access rights obviously differ too. RBAC authorises and controls access according to the roles users hold in the organisation. In other words, traditional access control links subject and object directly, whereas RBAC inserts roles in between and connects subject and object through them. In RBAC, although the user identifier is very useful for authentication and audit records, what actually determines access rights is the role identifier associated with the user. Authorisation in RBAC is managed centrally by the administrator; authorisation rules are imposed on users, who can only accept them passively and cannot decide for themselves, nor can users pass their access rights on to others at their own discretion. It is thus a non-discretionary form of access control. Although RBAC has started to be applied in some systems, it is still at a development stage, no mature products have appeared, and how to apply it remains a rather complex question.

Summary of the invention

In view of this, an object of the present invention is to provide a token-based fine-grained access control system for an application server that controls access reasonably and efficiently and improves the security of the application server.

Another object of the present invention is to provide an access control method for an application server that not only controls all kinds of access operations effectively and improves system security, but also works efficiently, minimising the impact on the system's normal processing while protecting it.

To achieve the above objects, the present invention provides a token-based fine-grained access control system for an application server, the system comprising:

a business unit, made up of application programs that provide services to customers, which needs to access resources and/or capabilities in the application server;

a resource/capability unit, made up of at least file resources, network resources, database resources and other resources and/or capabilities; characterised in that the system further comprises:

a business agent unit, made up of code whose security is guaranteed, communicatively connected to the business unit, the resource/capability unit and the access control unit respectively, and used to access the resource/capability unit on behalf of a business;

an access control unit, made up of a sequentially connected access control checker, system security controller and security policy manager, used to perform token-based fine-grained access control when a subject accesses an object; when the access control checker receives an access request from the business agent it first looks up the access control check result for that request in the check result cache table; if a check result record corresponding to the request is found in the check result cache table, the record is returned directly to the business agent; if no check result record corresponding to the request is found in the check result cache table, the access request is passed to the system security controller, which verifies whether the subject holds the token for the requested object operation and produces a verification result, returns the verification result to the business agent and writes the result of this check into the check result cache table; the security policy manager enforces the system's security access control policy and periodically clears the check result cache table;

a token and data storage unit for controlling access, comprising: a check result cache table that caches the system's access control results; an access permission token table that stores the token corresponding to each distinct permission on each object; a subject token table that stores the list of tokens each subject holds; a token index table that stores, for each token, the list of subject identifiers holding it; and other security control tables including at least the definition of the system security policy; the check result cache table is connected to all three components of the access control unit, while the access permission token table, subject token table, token index table and other security control tables are connected only to the system security controller and the security policy manager of the access control unit, and they cooperate with the access control unit to carry out token-based fine-grained access control.

The tokens and data in the token and data storage unit may be described as data structures designed in the Extensible Markup Language XML or another high-level programming language, or as database tables; the tokens and data may be stored in memory, in files or in a database; storage may be centralised and/or distributed.

A token is the credential a subject must present to access an object: an access succeeds only when the subject holds the token required for the specific access to the specific object; otherwise the access is rejected by the system. The allocation, storage and checking of tokens are all managed centrally by the system.

The token format has two parts, a token identifier and a system certificate. The token identifier is a string allocated centrally by the system that uniquely identifies the token; the system certificate is a security certificate signed by the system, in the X.509 format or another format that public-key-based software can share. X.509 is the public key infrastructure (PKI) standard that specifies the format of public key certificates and the associated verification algorithms; the system signature inside the certificate is generated by an algorithm specific to the system.

Fine granularity refers to the granularity of access control and shows in both the subject and the object dimension: the system's access control tokens are issued separately for each permission on each object, giving fine-grained control over object access; and the system's control over subjects can be refined from the business level down to the method level of an object, giving fine-grained control over subject access.

The system security controller is the core controller of the system's access control. It provides the final check and verification of the legitimacy of a secure access, and it performs maintenance functions for other security properties, including at least updating the check result cache table according to access control check results and managing the system's key data;

The security policy manager enforces the system's security access control policy and periodically clears the check result cache table; the security access control policy is configured dynamically by the system and stored in the other security control tables.

The other object of the present invention is achieved as follows: a token-based fine-grained access control method for an application server, characterised in that it comprises the following steps:

A. When a business is loaded, the application server negotiates access control capabilities with the business and, according to the result of the negotiation, creates a new token list for all permissions involved in the negotiation, invoking the token generation algorithm to create the new tokens; it then initialises the business's subject token table and the system tokens according to the negotiation result and the new token list, the subject token table recording the tokens held by every subject of the business; and it then updates the access permission token table according to the negotiation result and the token list, the access permission token table recording the tokens required to access each object;

B. When a business accesses system resources and/or capabilities, the business first sends the request to access the resources and/or capabilities to the business agent, and the business agent forwards the access request to the access control checker to verify its legitimacy; the access control checker first searches the check result cache table and, if it finds a check result record corresponding to this access request, returns that result to the business agent; otherwise it sends the access request to the system security controller for a further check; the system security controller first consults the access permission token table to find which token the access operation requires, then consults the subject token table to see whether the subject of the request holds the token required for the operation; if the subject holds the token the check result is "access allowed", and if not the check result is "access denied"; the system security controller then writes the check result into the check result cache table and returns the verification result to the access control checker, which returns it to the business agent; if the check result is "access allowed", the business agent performs the access operation and returns the result to the business; if the check result is "access denied", the business agent rejects the access request and returns a rejection response to the business;

C. The check result cache table is updated after the system security controller has checked an access, when the check result cache table is full, when a check result stored in the check result cache table has expired, and when a business terminates.

The operation of initialising the system tokens in step A further comprises the following steps:

each time a business is updated, the operations of step A are repeated for the updated business and the system tokens associated with the business are updated; or

when a business terminates, the system security controller updates and clears the records related to that business in the check result cache table, the access permission token table, the subject token table, the token index table and the other security control tables.

The token generation algorithm in step A comprises the following steps:

A1. An existing token keeps its original token identifier; a newly created token is automatically assigned a token identifier by an algorithm that guarantees the uniqueness of the assigned identifier;

A2. A token digest message is created, consisting of the following character fields in order: the token identifier, the object identifier, the permission description, and the identifiers of all subjects holding the token;

A3. The token digest message is hashed, using a hash algorithm including but not limited to the message-digest algorithm MD5 or the Secure Hash Algorithm (SHA);

A4. The result of the hash is encrypted with the system key to produce the system signature;

A5. A system certificate is created from the system signature and system-related information in the format prescribed for system certificates;

A6. A token is created from the token identifier and the generated system certificate in the token format prescribed by the system.
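The token construction of steps A1 to A6, as an added example that is not the patent's own code: the digest message is built from the ordered fields, hashed with SHA-256, and the hash is bound to the system key. HMAC-SHA256 with a constructed key stands in for the page's "encrypt the hash with the system key" signature step; the length-prefixed field framing, the certificate fields and the `issuer` value are assumptions. `verify_token` shows that changing the object, the permission or the holder list invalidates the token.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed system key for the demo; a deployment would keep the signing key protected.
SYSTEM_KEY = b"constructed-demo-system-key"


@dataclass(frozen=True)
class SystemCertificate:
    """Stand-in for the page's system certificate (A5): system signature plus system information.
    The real format would be X.509; only the fields needed here are modelled (assumption)."""
    issuer: str
    signature: str  # hex-encoded system signature


@dataclass(frozen=True)
class Token:
    """Token format (A6): token identifier plus system certificate."""
    token_id: str
    certificate: SystemCertificate


def new_token_id(existing_ids):
    """A1: a new token gets an identifier guaranteed unique against the ids already issued;
    an existing token keeps its original id and never passes through here."""
    while True:
        tid = secrets.token_hex(8)
        if tid not in existing_ids:
            existing_ids.add(tid)
            return tid


def digest_message(token_id, object_id, permission, subject_ids):
    """A2: token id, object id, permission description, then every holder's subject id, in order.
    Each field is length-prefixed (assumption: the page does not fix the framing) so that
    'ab' + 'c' and 'a' + 'bc' cannot yield the same digest message."""
    fields = [token_id, object_id, permission, *subject_ids]
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def system_signature(message):
    """A3 and A4: hash the digest message (SHA-256 here; the page also allows MD5 or other SHA
    variants), then bind the hash to the system key. HMAC-SHA256 stands in for the page's
    'encrypt the hash with the system key'."""
    digest = hashlib.sha256(message).digest()
    return hmac.new(SYSTEM_KEY, digest, hashlib.sha256).hexdigest()


def create_token(existing_ids, object_id, permission, subject_ids, issuer="app-server"):
    """A1 to A6 end to end: new id, digest message, signature, certificate, token."""
    token_id = new_token_id(existing_ids)
    signature = system_signature(digest_message(token_id, object_id, permission, subject_ids))
    return Token(token_id, SystemCertificate(issuer, signature))


def verify_token(token, object_id, permission, subject_ids):
    """Recompute the signature over the (object, permission, holders) binding the token claims
    and compare in constant time. Changing any field, including adding a holder, fails the check."""
    expected = system_signature(digest_message(token.token_id, object_id, permission, subject_ids))
    return hmac.compare_digest(expected, token.certificate.signature)
```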

The operation of step B, fine-grained control of access based on tokens, further comprises the following steps:

B1. The business sends the request to access resources and/or capabilities to the business agent, so that the business agent accesses the resources and/or capabilities on behalf of the business;

B2. The business agent sends the access request to the access control checker to verify the legitimacy of the request;

B3. The access control checker searches the check result cache table and acts according to the result of the search;

B4. On a hit in the check result cache table, that is, when a check result record corresponding to this access request is found, the check result is returned to the business agent and processing jumps to step B6;

B5. On a miss in the check result cache table, that is, when no check result record corresponding to this access request is found, the access request is sent to the system security controller for a further check, and the system security controller returns its check result to the business agent via the access control checker;

B6. The business agent acts according to the check result: if the result is "access allowed", the business agent performs the access operation and returns the result to the business; if the result is "access denied", the business agent rejects the access request and returns a rejection response to the business.

The further check of the access request by the system security controller in step B5 comprises the following steps:

B51. The system security controller consults the access permission token table to find which token the access operation requires;

B52. The system security controller consults the subject token table to see whether the subject of the access request holds the token found in step B51 as required for the operation, and acts according to the result;

B53. If the subject holds the token, that is, the tokens match, the check result is "access allowed"; the system security controller writes the "access allowed" result into the check result cache table and returns a verification-succeeded message to the access control checker, which returns the result to the business agent;

B54. If the subject does not hold the token, that is, the tokens do not match, the check result is "access denied"; the system security controller writes the "access denied" result into the check result cache table and returns a verification-failed message to the access control checker, which returns the result to the business agent.

The updating of the check result cache table in step C further comprises the following steps:

C1. The system security controller writes the result of each check into the check result cache table and stamps it with the current time;

C2. When the check result cache table is full, the security policy manager deletes cached check result records from the table according to the system security policy;

C3. The security policy manager periodically clears expired check result records from the check result cache table according to the system security management policy;

C4. When a business terminates, the system security controller clears all check results related to that business from the check result cache table.

The advantages and effects of the present invention are:

(1) The access control system of the application server includes a service agent that accesses resources and/or capabilities on behalf of a service. In an application server, services may be written by third parties, whereas the service agent is provided by the application server itself. With the service agent in place, both the access control decision for a resource and the actual resource access are carried out by a trusted entity, the service agent, which improves system security.

(2) The access control system also includes an access control checker and a system security controller, each of which independently audits access requests; the service agent simply acts on the check result returned by the access control checker. The security check of an access request is thus separated from the access operation itself, improving both the security and the maintainability of the system.

(3) The system includes a check-result cache table for storing access control results, and querying it is simple and efficient, which greatly speeds up access control decisions. The system also includes a security policy manager for dynamic configuration of the system; the dynamic configurability of the security policy improves the system's flexibility.

(4) The present invention uses tokens for fine-grained access control. Tokens first satisfy the access control requirement and improve system security; second, they greatly reduce the storage requirements of the access control system itself.

(5) The mechanism of periodically updating the check-result cache table keeps the table current, raises its hit rate and thereby speeds up security-check lookups; it also keeps the cached data accurate and reliable, preserving system security.

Description of drawings

Fig. 1 is a schematic diagram of the structure of the access control system of the present invention.

Fig. 2 is a schematic diagram of the token format of the present invention.

Fig. 3 is a block diagram of the operation flow of the access control method of the present invention.

Fig. 4 is a flow diagram of the token generation algorithm of the present invention.

Fig. 5 is a block diagram of the operation flow of the token-based fine-grained access control method of the present invention.

Fig. 6 is a block diagram of the operation flow in which the system security controller checks an access request and returns the result to the access control checker.

Fig. 7 is the message interaction diagram of the token-based fine-grained access control process of the present invention.

Detailed description

To make the objects, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.

The present invention is a token-based fine-grained access control system for application servers and a method of implementing it. The system and method must meet the following access control requirements of application servers in next-generation networks. First, the application server is the service execution platform of the next-generation network, so the access control system must be able to control every access by any subject to any object in the application server, thereby guaranteeing system security; the application server is also expected to provide fine-grained access control. Second, the application server must provide services ranging from enterprise grade to carrier grade, so every access control operation must be highly efficient, in order to minimise its impact on the system's normal processing of services and to meet user requirements. Finally, the access control system must guarantee its own security and reliable operation.

Referring to Fig. 1, the present invention is a token-based fine-grained access control system for application servers, comprising:

a service unit 101, composed of the application programs that provide services to customers; the service unit 101 needs to access resources and/or capabilities in the application server;

a service agent unit 102, composed of security-assured code, which accesses the resource/capability unit on behalf of services; the service agent unit 102 is connected for communication with the service unit 101, the resource/capability unit 130 and the access control unit 110;

a system resource/capability unit 130, comprising at least file resources, network resources, database resources and other resources and/or capabilities;

an access control unit 110, composed of an access control checker, a system security controller and a security policy manager connected in sequence, which performs token-based fine-grained access control when a subject accesses an object;

a token and data storage unit 120 for access control, comprising: a check-result cache table, which caches the system's access control results to improve access control efficiency; an access-permission token table, which stores the token corresponding to each permission on each object; a subject token table, which stores the list of tokens held by each subject; a token index table, which stores, for each token, the list of identifiers of the subjects holding it; and other security control tables, which include at least the definition of the system security policy. This unit cooperates with the access control unit to complete token-based fine-grained access control. The check-result cache table is connected to all three components of the access control unit, whereas the access-permission token table, subject token table, token index table and other security control tables are connected only to the system security controller and the security policy manager. The tokens and data in the storage unit 120 may be described as, but are not limited to, data structures in Extensible Markup Language (XML) or another high-level programming language, or as database tables; they may be stored at least in memory, in files or in a database; and the storage may be centralised and/or distributed.

The access control unit 110 is the control core of the system; the functions and operation of its three components are described below:

The access control checker receives and checks access requests from the service agent. It first checks the legitimacy of the request against the check-result cache table: if a check-result record corresponding to the access request is found in the cache table, that record states whether the access is legitimate and is returned directly to the service agent; if no corresponding record is found, the access request is forwarded to the system security controller for further checking, the system security controller's verification result is returned to the service agent, and the result of this check is written into the check-result cache table.

The system security controller, the core of the system's access control, provides the final decision on the legitimacy of an access and maintains and executes the system's other security functions; that is, when the access control checker finds no record corresponding to the access request in the check-result cache table, the system security controller makes the final decision on whether the access is legitimate. The system security controller also updates the check-result cache table promptly according to the access control check results, manages the system's key data, and so on.

The security policy manager executes the system's security access control policy, which is stored in the other security control tables and configured dynamically, and periodically clears the check-result cache table, among other duties.

The present invention is a token-based access control system. A token is a credential that a subject must hold in order to access an object: only when a subject holds the token required for a particular kind of access to a particular object can the access succeed; otherwise the access is rejected by the system.

Referring to Fig. 2, the token has a specific format, consisting of two parts: a token identifier (Token ID) and a system certificate. The token identifier is a string, assigned centrally by the system, that uniquely identifies the token; the system certificate is a security certificate signed by the system, in X.509 or another certificate format that can be shared with other public-key-based software, and the system signature inside the certificate is generated by the system's own algorithm.

The fine-grained nature of the access control is reflected in two aspects. First, the system issues a separate access control token for each permission on each object, giving fine-grained control over access to objects. Second, the system's control over subjects can be refined from the service level down to the method level of an object, giving fine-grained control over accessing subjects.

Referring to Fig. 3, the token-based fine-grained access control method for application servers comprises three operation steps:

A. When a service is loaded, updated or terminated, the system tokens are first initialised;

B. While a service accesses system resources and/or capabilities, the access is checked and controlled on the basis of tokens;

C. The check-result cache table is updated after the system security controller has checked an access, when the check-result cache table is full, when a check result held in the table expires, and when a service is terminated.

These three steps are described in detail below with reference to the drawings.

The operation of initialising the system tokens in step A further comprises the following steps:

A1. The application server negotiates the access control capabilities with the service;

A2. According to the negotiation result, a new token list is created for all permissions involved in this negotiation, and the token generation algorithm is called to create the new tokens. Referring to Fig. 4, the steps of the token generation algorithm are:

(A21) An existing token keeps its original token identifier; for a newly created token, the system assigns a token identifier automatically using an algorithm that guarantees the uniqueness of the assigned identifiers;

(A22) A token digest message is created, consisting of the following character fields in order: the token identifier, the object identifier, the permission description, and the identifiers of all subjects holding the token;

(A23) The token digest message is hashed; the system uses MD5, SHA or another hash algorithm;

(A24) The hash is encrypted with the system key to produce the system signature;

(A25) A system certificate is created from the system signature and the system-related information, in the prescribed certificate format;

(A26) A token is created from the token identifier and the generated system certificate, in the token format prescribed by the system.

A3. According to the negotiation result and the newly generated token list, the subject token table of the service is initialised; the subject token table records the tokens held by all subjects of the service;

A4. According to the negotiation result and the generated token list, token index data are inserted into or updated in the token index table, so that the identifiers of the subjects holding each token are recorded in that token's record; then, for each subject identifier recorded in the token index table, the corresponding subject token table is located and the subject token table of every service already holding that token is updated;

A5. According to the negotiation result and the generated token list, the access-permission token table is updated; this table records the tokens required to access each object;

A6. Each time a service is updated, steps A1 to A5 are repeated for the updated service, so that the system tokens associated with the service are updated;

A7. When a service is terminated, the system security controller updates the check-result cache table, access-permission token table, subject token table, token index table and other security control tables, clearing the records related to that service.
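The token generation algorithm of steps A21 to A26, worked through as an added Python example; this is not code from the patent or from the applicant. Everything not stated in the text is an assumption: SHA-256 is used as the hash (MD5, which the text also lists, is no longer collision resistant and should not be used for new signatures); an HMAC under a system secret key stands in for the patent's encryption of the hash with a system private key, so verification here uses the same secret rather than a public key from the certificate; the "system certificate" is a small dictionary rather than an X.509 certificate; holder identifiers are sorted before concatenation so the digest is deterministic; and the TKN-n identifier scheme and the '|' field separator are made up for the example.

```python
"""Token generation following steps A21 to A26 (added example, not the patent's code).

Assumptions not taken from the text: SHA-256 as the digest algorithm; an HMAC
under a system secret key in place of the patent's encryption of the hash with
a system private key; a dict in place of an X.509 certificate; holder IDs
sorted before concatenation; the TKN-n identifier scheme and '|' separator.
"""
import hashlib
import hmac
import itertools

SYSTEM_KEY = b"example-system-key-not-for-production"  # constructed for the example
_next_id = itertools.count(1)


def allocate_token_id(existing_id=None):
    """A21: an existing token keeps its ID; a new token gets a fresh unique one."""
    if existing_id is not None:
        return existing_id
    return f"TKN-{next(_next_id):08d}"


def digest_message(token_id, object_id, permission, subject_ids):
    """A22: token ID, object ID, permission description, then all holder IDs, in order."""
    fields = [token_id, object_id, permission, *sorted(subject_ids)]
    return "|".join(fields).encode("utf-8")


def system_signature(message):
    """A23/A24: hash the digest message, then sign the hash with the system key.

    The patent encrypts the hash with the system (private) key; HMAC-SHA256 over
    the hash stands in for that here, so verification needs the same secret key.
    """
    digest = hashlib.sha256(message).digest()
    return hmac.new(SYSTEM_KEY, digest, hashlib.sha256).hexdigest()


def make_certificate(signature, issuer="AS-1"):
    """A25: certificate built from the signature plus system-related information."""
    return {"issuer": issuer, "sig_alg": "HMAC-SHA256", "signature": signature}


def create_token(object_id, permission, subject_ids, existing_id=None):
    """A21 to A26 end to end: token = token identifier + system certificate."""
    token_id = allocate_token_id(existing_id)
    message = digest_message(token_id, object_id, permission, subject_ids)
    certificate = make_certificate(system_signature(message))
    return {"token_id": token_id, "certificate": certificate}


def verify_token(token, object_id, permission, subject_ids):
    """Recompute the signature from the current table contents and compare it.

    Because the holder list is part of the digest (A22), a token issued for a
    different holder set, object or permission fails this check.
    """
    message = digest_message(token["token_id"], object_id, permission, subject_ids)
    expected = system_signature(message)
    return hmac.compare_digest(expected, token["certificate"]["signature"])


if __name__ == "__main__":
    tok = create_token("db:orders", "read", ["svc-A", "svc-B"])
    print(tok)
    print(verify_token(tok, "db:orders", "read", ["svc-B", "svc-A"]))  # True
```

Because the digest covers the list of holders (A22), adding or removing a holder of a token in step A4 changes the message and invalidates the existing signature; this is why steps A1 to A5 are re-run on every service update (A6). verify_token shows the corresponding check against the tables; in a deployment that follows the text, the signature would be verified with the system's public key carried in the certificate rather than with a shared secret.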

Referring to Fig. 5, the steps of the token-based fine-grained access control in step B are:

B1. The service sends a request to access resources and/or capabilities to the service agent, so that the service agent accesses the resources and/or capabilities on behalf of the service;

B2. The service agent sends the access request to the access control checker to verify the legitimacy of the request;

B3. The access control checker searches the check-result cache table and proceeds according to the search result;

B4. On a cache hit, i.e. a check-result record corresponding to this access request is found, the check result is returned to the service agent and processing jumps to step B6;

B5. On a cache miss, i.e. no check-result record corresponding to this access request is found, the access request is sent to the system security controller for re-checking, and the system security controller returns its check result to the service agent through the access control checker;

B6. The service agent acts on the check result: if the result is "allow", the service agent performs the access operation and returns the execution result to the service; if the result is "deny", the service agent rejects the access request and returns a rejection response to the service.

Referring to Fig. 6, the operation in step B5 in which the system security controller re-checks the access request is as follows:

(B51) The system security controller consults the access-permission token table to find which token is required to perform the access operation;

(B52) The system security controller consults the subject token table to determine whether the subject of the access request holds the token found in step B51, and then proceeds according to the result;

(B53) If the subject holds that token (the token matches), the check result is "allow"; the system security controller writes the allow result into the check-result cache table and returns a verification-success message to the access control checker, which returns the result to the service agent;

(B54) If the subject does not hold that token (the token does not match), the check result is "deny"; the system security controller writes the deny result into the check-result cache table and returns a verification-failure message to the access control checker, which returns the result to the service agent.

Fig. 7 illustrates the token-based fine-grained access control process of the system in the form of a message interaction diagram; the meaning of each step is the same as in Figs. 5 and 6 and is not repeated here.

The operation of updating the check-result cache table in step C of the present invention comprises the following steps:

C1. The system security controller writes the result of each check into the check-result cache table, stamped with the current time;

C2. When the check-result cache table is full, the security policy manager deletes cached check-result records according to the system security policy;

C3. The security policy manager periodically clears expired check-result records from the check-result cache table according to the system security management policy;

C4. When a service is terminated, the system security controller clears all check results related to that service from the check-result cache table.
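The check flow of steps B1 to B6 and B51 to B54 together with the cache maintenance of steps C1 to C4, as an added Python example; it is not the patent's code. Tokens are represented by their identifiers only (signature checking is a separate matter), the four tables are plain dictionaries, and the time-to-live, the capacity, the oldest-first eviction when the cache is full and the grant() helper are assumptions the text does not specify. The clock is injectable so the expiry logic can be exercised without waiting.

```python
"""Access check with result cache following steps B1 to B6, B51 to B54 and C1 to C4.

Added example, not the patent's code. Tokens are represented by their IDs only;
the tables are dicts; the TTL, capacity, oldest-first eviction and grant()
helper are assumptions. clock is injectable so expiry can be exercised.
"""
import time
from collections import OrderedDict

ALLOW, DENY = "allow", "deny"


class AccessController:
    def __init__(self, ttl_seconds=60.0, capacity=1000, clock=time.monotonic):
        self.access_token_table = {}    # (object_id, permission) -> required token ID
        self.subject_token_table = {}   # subject_id -> set of held token IDs
        self.token_index_table = {}     # token ID -> set of holder subject IDs
        self.result_cache = OrderedDict()  # (subject, object, permission) -> (result, ts)
        self.ttl = ttl_seconds
        self.capacity = capacity
        self.clock = clock
        self.controller_calls = 0       # cache misses that reached the controller

    def grant(self, subject_id, object_id, permission, token_id):
        """Minimal stand-in for steps A3 to A5: register a token in all three tables."""
        self.access_token_table[(object_id, permission)] = token_id
        self.subject_token_table.setdefault(subject_id, set()).add(token_id)
        self.token_index_table.setdefault(token_id, set()).add(subject_id)

    # B3 to B5: the access control checker
    def check(self, subject_id, object_id, permission):
        key = (subject_id, object_id, permission)
        hit = self.result_cache.get(key)
        if hit is not None and self.clock() - hit[1] <= self.ttl:
            return hit[0]                                   # B4: cache hit
        return self._controller_check(key)                  # B5: cache miss

    # B51 to B54: the system security controller
    def _controller_check(self, key):
        subject_id, object_id, permission = key
        self.controller_calls += 1
        required = self.access_token_table.get((object_id, permission))  # B51
        held = self.subject_token_table.get(subject_id, set())           # B52
        # An operation with no registered token is denied, not allowed by default.
        result = ALLOW if required is not None and required in held else DENY  # B53/B54
        self._cache_put(key, result)                                      # C1
        return result

    def _cache_put(self, key, result):
        if key in self.result_cache:
            del self.result_cache[key]
        elif len(self.result_cache) >= self.capacity:
            self.result_cache.popitem(last=False)           # C2: table full, drop oldest
        self.result_cache[key] = (result, self.clock())     # C1: stamp with current time

    def purge_expired(self):
        """C3: periodic removal of expired records; returns how many were removed."""
        now = self.clock()
        expired = [k for k, (_, ts) in self.result_cache.items() if now - ts > self.ttl]
        for k in expired:
            del self.result_cache[k]
        return len(expired)

    def terminate_subject(self, subject_id):
        """C4 / A7: service terminated; drop its cache entries and its token holdings."""
        for k in [k for k in self.result_cache if k[0] == subject_id]:
            del self.result_cache[k]
        for token_id in self.subject_token_table.pop(subject_id, set()):
            self.token_index_table.get(token_id, set()).discard(subject_id)


def service_agent_access(ctrl, subject_id, object_id, permission, do_access):
    """B1/B2/B6: the service agent performs the access only on an "allow" result."""
    if ctrl.check(subject_id, object_id, permission) == ALLOW:
        return ("ok", do_access())
    return ("denied", None)
```

Two points a practitioner would check in a real deployment of this scheme. A cached "allow" stays valid until it expires (C3) or the service is terminated (C4), so when step A6 removes a token from a subject, the entries for that subject should be cleared at the same time, as terminate_subject does, rather than leaving a stale allow in place for the rest of the TTL. And an operation that has no entry in the access-permission token table is denied here rather than allowed, so a missing configuration row fails closed.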

Claims (12)

1. A token-based fine-grained access control system for an application server, comprising: a service unit, composed of application programs that provide services to customers, which needs to access resources and/or capabilities in the application server; and a resource/capability unit, comprising at least file resources, network resources, database resources and other resources and/or capabilities; characterised in that the system further comprises:

a service agent unit, composed of security-assured code, connected for communication with the service unit, the resource/capability unit and the access control unit respectively, for accessing the resource/capability unit on behalf of services;

an access control unit, composed of an access control checker, a system security controller and a security policy manager connected in sequence, for performing token-based fine-grained access control when a subject accesses an object; wherein, on receiving an access request from the service agent, the access control checker first searches the check-result cache table for the access control result of that request; if a check-result record corresponding to the request is found in the check-result cache table, the record found is returned directly to the service agent; if no check-result record corresponding to the request is found, the access request is passed to the system security controller, which verifies whether the subject holds the token for performing this operation on the object and produces a verification result, returns the verification result to the service agent and writes the result of this check into the check-result cache table; and the security policy manager executes the system's security access control policy and periodically clears the check-result cache table;

a token and data storage unit for access control, comprising: a check-result cache table caching the system's access control results; an access-permission token table storing the token corresponding to each permission on each object; a subject token table storing the list of tokens held by each subject; a token index table storing the list of identifiers of the subjects holding each token; and other security control tables including at least the definition of the system security policy; wherein the check-result cache table is connected to all three components of the access control unit, whereas the access-permission token table, subject token table, token index table and other security control tables are connected only to the system security controller and the security policy manager of the access control unit, so as to cooperate with the access control unit in completing token-based fine-grained access control.

2. The access control system according to claim 1, characterised in that the tokens and data in the token and data storage unit are described as data structures in Extensible Markup Language (XML) or another high-level programming language, or as database tables; the tokens and data are stored in memory, in files or in a database; and the storage is centralised and/or distributed.

3. The access control system according to claim 1 or 2, characterised in that the token is the credential a subject must hold in order to access an object, i.e. only when a subject holds the token required for a particular access to a particular object can the access succeed, otherwise the access is rejected by the system; and the allocation, storage and checking of tokens are all managed centrally by the system.

4. The access control system according to claim 1 or 2, characterised in that the token format comprises two parts, a token identifier and a system certificate, wherein the token identifier is a string assigned centrally by the system to uniquely identify the token; the system certificate is a security certificate signed by the system, in the X.509 format or in another format that can be shared with public-key-based software, X.509 being the public key infrastructure standard that specifies the format of public key certificates and the associated verification algorithms; and the system signature inside the certificate is generated by the system's own algorithm.

5. The access control system according to claim 1, characterised in that the fine granularity refers to the granularity of the access control and is reflected in both subjects and objects: the system's access control tokens are issued separately for each permission on each object, giving fine-grained control over access to objects; and the system's control over subjects can be refined from the service level down to the method level of an object, giving fine-grained control over accessing subjects.

6. The access control system according to claim 1, characterised in that the system security controller is the core controller of the system's access control, providing the final check and verification of the legitimacy of an access and performing the maintenance of other security functions, including at least updating the check-result cache table according to the access control check results and managing the system's key data; the security policy manager executes the system's security access control policy and periodically clears the check-result cache table; and the security access control policy is configured dynamically by the system and stored in the other security control tables.

7. A token-based fine-grained access control method for an application server, characterised in that it comprises the following operation steps:

A. When a service is loaded, the application server negotiates access control capabilities with the service and, according to the negotiation result, creates a new token list for all permissions involved in this negotiation and calls the token generation algorithm to create the new tokens; then, according to the negotiation result and the new token list, initialises the subject token table and the system tokens of the service, the subject token table recording the tokens held by all subjects of the service; and then, according to the negotiation result and the token list, updates the access-permission token table, which records the tokens required to access each object;

B. When a service accesses system resources and/or capabilities, the service first sends the request to access the resources and/or capabilities to the service agent, and the service agent sends the access request to the access control checker to verify its legitimacy; the access control checker first searches the check-result cache table and, if a check-result record corresponding to this access request is found, returns the check result to the service agent, otherwise sends the access request to the system security controller for re-checking; the system security controller first consults the access-permission token table to find which token is required to perform the access operation, then consults the subject token table to determine whether the subject of the access request holds the required token; if it does, the check result is "allow", otherwise the check result is "deny"; the system security controller then writes the check result into the check-result cache table and returns the verification result to the access control checker, which returns it to the service agent; if the check result is "allow", the service agent performs the access operation and returns the execution result to the service; if the check result is "deny", the service agent rejects the access request and returns a rejection response to the service;

C. The check-result cache table is updated after the system security controller has checked an access, when the check-result cache table is full, when a check result held in the table expires, and when a service is terminated.

8. The access control method according to claim 7, characterised in that the operation of initialising the system tokens in step A further comprises the following steps: each time a service is updated, repeating the operations of step A for the updated service so that the system tokens associated with the service are updated; or, when a service is terminated, the system security controller updating the check-result cache table, access-permission token table, subject token table, token index table and other security control tables by clearing the records related to that service.

9. The access control method according to claim 7, characterised in that the token generation algorithm in step A comprises the following steps:

A1. An existing token keeps its original token identifier; a newly created token is assigned a token identifier automatically by an algorithm that guarantees the uniqueness of the assigned identifiers;

A2. A token digest message is created, consisting of the following character fields in order: the token identifier, the object identifier, the permission description, and the identifiers of all subjects holding the token;

A3. The token digest message is hashed, using a hash algorithm including but not limited to the message-digest algorithm MD5 or the secure hash algorithm SHA;

A4. The hash is encrypted with the system key to produce the system signature;

A5. A system certificate is created from the system signature and the system-related information, in the prescribed certificate format;

A6. A token is created from the token identifier and the generated system certificate, in the token format prescribed by the system.

10. The access control method according to claim 7, characterised in that the operation of token-based fine-grained access control in step B further comprises the following steps:

B1. The service sends a request to access resources and/or capabilities to the service agent, so that the service agent accesses the resources and/or capabilities on behalf of the service;

B2. The service agent sends the access request to the access control checker to verify the legitimacy of the request;

B3. The access control checker searches the check-result cache table and proceeds according to the search result;

B4. On a cache hit, i.e. a check-result record corresponding to this access request is found, the check result is returned to the service agent and processing jumps to step B6;

B5. On a cache miss, i.e. no check-result record corresponding to this access request is found, the access request is sent to the system security controller for re-checking, and the system security controller returns its check result to the service agent through the access control checker;

B6. The service agent acts on the check result: if the result is "allow", the service agent performs the access operation and returns the execution result to the service; if the result is "deny", the service agent rejects the access request and returns a rejection response to the service.
The business agent performs corresponding operations according to the inspection result: if the inspection result is to allow access, the business agent executes the access operation and returns the execution result to the business; if the inspection result is not allowed to access, the business agent rejects the access request, And return a rejection response to the business. 11、根据权利要求10所述的访问控制方法,其特征在于:所述步骤B5中系统安全控制器对访问请求再次进行检查的操作进一步包括下述步骤:11. The access control method according to claim 10, characterized in that: the operation of the system security controller checking the access request again in the step B5 further includes the following steps: B51、系统安全控制器检查访问权限令牌表,查询执行该访问操作需要何种令牌;B51. The system security controller checks the access token table, and inquires what kind of token is required to perform the access operation; B52、系统安全控制器检查主体令牌表,查看该访问请求的主体是否具有步骤B51检索出来的执行该访问操作所需令牌,再根据检索结果采取相应的后续操作;B52. The system security controller checks the subject token table, checks whether the subject of the access request has the token required for performing the access operation retrieved in step B51, and then takes corresponding follow-up operations according to the retrieval result; B53、如果具有该令牌,即令牌匹配,则检查结果为允许访问,系统安全控制器将允许访问的检查结果更新到检查结果缓存表中,并将验证成功的消息返回给访问控制检查器,访问控制检查器再将该结果返回给业务代理;B53. If there is the token, that is, the token matches, then the check result is to allow access, and the system security controller updates the check result of the allow access to the check result cache table, and returns a message of successful verification to the access control checker , and the access control checker returns the result to the business agent; B54、如果不具有该令牌,即令牌不匹配,则检查结果为拒绝访问,系统安全控制器将拒绝访问的检查结果更新到检查结果缓存表中;并将验证失败的消息返回给访问控制检查器,访问控制检查器再将该结果返回给业务代理。B54. 
If you do not have the token, that is, the token does not match, the check result is access denial, and the system security controller updates the check result of access denial to the check result cache table; and returns the message of verification failure to the access control Inspector, the access control inspector returns the result to the business agent. 12、根据权利要求7所述的访问控制方法,其特征在于:所述步骤C对检查结果缓存表进行更新的操作进一步包括下述步骤:12. The access control method according to claim 7, characterized in that: the operation of updating the inspection result cache table in the step C further includes the following steps: C1、系统安全控制器将每次检查的结果更新到检查结果缓存表中,并打上当前时间戳;C1. The system security controller updates the result of each inspection into the inspection result cache table, and stamps it with the current time stamp; C2、当检查结果缓存表存储的内容满时,由安全策略管理器根据系统安全策略删除检查结果缓存表中缓存的检查结果记录;C2. When the content stored in the inspection result cache table is full, the security policy manager deletes the inspection result records cached in the inspection result cache table according to the system security policy; C3、安全策略管理器根据系统安全管理策略,定时清除检查结果缓存表中缓存的过期检查结果记录;C3. The security policy manager periodically clears the expired check result records cached in the check result cache table according to the system security management policy; C4、当一个业务被终止时,系统安全控制器将检查结果缓存表中所有与该业务相关的检查结果全部清除。C4. When a service is terminated, the system security controller clears all check results related to the service in the check result cache table.
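The following is an added example, written for this page and not code from the patent or its authors, that models the token generation algorithm of claim 9 together with the check and cache flow of claims 10 to 12. Everything below that is not in the claims is an assumption: HMAC-SHA256 stands in for "encrypt the hash with the system key" (the claims describe a system signature, which in a real deployment would be an asymmetric signature over the digest), SHA-256 is used instead of MD5 because MD5 is collision-broken, the system certificate is reduced to the tag itself, the check result cache is keyed on (subject, object, operation), and "delete according to the system security policy" when the cache is full is implemented as dropping the oldest entry. The `revoke` method adds the check a practitioner would want that the claims leave implicit: cached "access allowed" results must be dropped when the token they depended on disappears, otherwise the cache keeps authorizing until the entry expires.

```python
"""Added example (not the patent's code): token minting per claim 9 and the
system security controller's check/cache flow per claims 10-12. HMAC-SHA256
stands in for the "system signature", SHA-256 for MD5/SHA, and the cache
layout, capacity and TTL are assumptions of this example."""
import hashlib
import hmac
import secrets
import time
from collections import OrderedDict
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    token_id: str
    object_id: str
    permission: str
    subjects: tuple     # identifiers of all subjects that own the token (A2)
    certificate: bytes  # stands in for the system certificate of A5

def token_digest(token_id, object_id, permission, subjects):
    # A2/A3: digest message = token id | object id | permission | subject ids, in order.
    # A separator byte keeps "ab"+"c" and "a"+"bc" from producing the same digest.
    msg = "\x1f".join([token_id, object_id, permission, *subjects]).encode()
    return hashlib.sha256(msg).digest()  # SHA-256 rather than MD5 (assumption)

def mint_token(system_key, object_id, permission, subjects, token_id=None):
    token_id = token_id or secrets.token_hex(8)  # A1: keep an existing id or allocate one
    subjects = tuple(sorted(subjects))
    digest = token_digest(token_id, object_id, permission, subjects)
    tag = hmac.new(system_key, digest, hashlib.sha256).digest()   # A4 (HMAC substitute)
    return Token(token_id, object_id, permission, subjects, tag)  # A5/A6

def verify_token(system_key, token):
    # Any change to id, object, permission or subject list breaks the tag (claim 8:
    # adding a subject means re-running step A, not editing the token in place).
    digest = token_digest(token.token_id, token.object_id, token.permission, token.subjects)
    expected = hmac.new(system_key, digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, token.certificate)

class SecurityController:
    """System security controller with the two token tables and the check result cache."""

    def __init__(self, system_key, cache_size=64, ttl=60.0, now=time.monotonic):
        self.key, self.cache_size, self.ttl, self.now = system_key, cache_size, ttl, now
        self.access_tokens = {}     # access permission token table: (object, op) -> token id
        self.subject_tokens = {}    # subject token table: subject -> {token id: Token}
        self.token_service = {}     # token id -> service that installed it (claim 8)
        self.cache = OrderedDict()  # (subject, object, op) -> (allowed, stamp, service)

    def grant(self, service, token, operation):
        if not verify_token(self.key, token):
            raise ValueError("token certificate does not verify")
        self.access_tokens[(token.object_id, operation)] = token.token_id
        for s in token.subjects:
            self.subject_tokens.setdefault(s, {})[token.token_id] = token
        self.token_service[token.token_id] = service

    def check(self, service, subject, object_id, operation):
        key = (subject, object_id, operation)
        hit = self.cache.get(key)
        if hit is not None and self.now() - hit[1] < self.ttl:  # B4: fresh cache hit
            return hit[0]
        needed = self.access_tokens.get((object_id, operation))  # B51
        allowed = needed is not None and needed in self.subject_tokens.get(subject, {})  # B52
        self.cache[key] = (allowed, self.now(), service)          # B53/B54, C1
        while len(self.cache) > self.cache_size:                  # C2: table full
            self.cache.popitem(last=False)
        return allowed

    def purge_expired(self):                                      # C3
        stale = [k for k, v in self.cache.items() if self.now() - v[1] >= self.ttl]
        for k in stale:
            del self.cache[k]

    def revoke(self, token_id):
        # Not spelled out in the claims: cached "allowed" results that depended on the
        # token must go too, or the cache keeps authorizing until the entry expires.
        gone = {k for k, tid in self.access_tokens.items() if tid == token_id}
        for k in gone:
            del self.access_tokens[k]
        for toks in self.subject_tokens.values():
            toks.pop(token_id, None)
        self.token_service.pop(token_id, None)
        for k in [k for k in self.cache if (k[1], k[2]) in gone]:
            del self.cache[k]

    def terminate_service(self, service):                         # C4 and claim 8
        for tid in [t for t, s in self.token_service.items() if s == service]:
            self.revoke(tid)
        for k in [k for k, v in self.cache.items() if v[2] == service]:
            del self.cache[k]
```

The `now` parameter exists so that expiry (C3) can be exercised with a controlled clock; in production the default monotonic clock is used. Because the subject list is part of the digest message (A2), a subject can only be added to a token by minting a replacement token, which is exactly the "repeat step A on every service update" rule of claim 8.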

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004101034711A CN100490387C (en) 2004-12-28 2004-12-28 Token-based fine granularity access control system and method for application server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004101034711A CN100490387C (en) 2004-12-28 2004-12-28 Token-based fine granularity access control system and method for application server

Publications (2)

Publication Number Publication Date
CN1633084A CN1633084A (en) 2005-06-29
CN100490387C true CN100490387C (en) 2009-05-20

Family

ID=34848180

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004101034711A Expired - Fee Related CN100490387C (en) 2004-12-28 2004-12-28 Token-based fine granularity access control system and method for application server

Country Status (1)

Country Link
CN (1) CN100490387C (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5391858B2 (en) * 2009-06-17 2014-01-15 富士ゼロックス株式会社 Program and information processing apparatus
US9038168B2 (en) * 2009-11-20 2015-05-19 Microsoft Technology Licensing, Llc Controlling resource access based on resource properties
CN102387172A (en) * 2010-08-30 2012-03-21 国际商业机器公司 Method and device for providing or obtaining contents of network resources for mobile equipment
US9118686B2 (en) * 2011-09-06 2015-08-25 Microsoft Technology Licensing, Llc Per process networking capabilities
US8990561B2 (en) 2011-09-09 2015-03-24 Microsoft Technology Licensing, Llc Pervasive package identifiers
US9773102B2 (en) 2011-09-09 2017-09-26 Microsoft Technology Licensing, Llc Selective file access for applications
US9800688B2 (en) 2011-09-12 2017-10-24 Microsoft Technology Licensing, Llc Platform-enabled proximity service
US9043886B2 (en) * 2011-09-29 2015-05-26 Oracle International Corporation Relying party platform/framework for access management infrastructures
CN103095482B (en) * 2011-11-07 2015-10-21 上海宝信软件股份有限公司 Program development maintenance system
US10356204B2 (en) 2012-12-13 2019-07-16 Microsoft Technology Licensing, Llc Application based hardware identifiers
CN103078926B (en) * 2012-12-28 2016-03-30 华为技术有限公司 The file access method of distributed memory system and device and system
US9858247B2 (en) 2013-05-20 2018-01-02 Microsoft Technology Licensing, Llc Runtime resolution of content references
US10394605B2 (en) * 2014-07-25 2019-08-27 Ab Initio Technology Llc Mutable chronologies for accommodation of randomly occurring event delays
CN104320427A (en) * 2014-09-22 2015-01-28 国家电网公司 Distributed group communication method for relay protection system multi-agent
CN104573553A (en) * 2014-12-30 2015-04-29 中国航天科工集团第二研究院七O六所 Xen-oriented memory sharing security isolation method for virtual machines
CN104753953A (en) * 2015-04-13 2015-07-01 成都双奥阳科技有限公司 Access control system
CN107315948B (en) * 2016-04-26 2020-09-01 阿里巴巴集团控股有限公司 Data calling method and device
CN109408241B (en) * 2018-10-31 2021-05-11 百度在线网络技术(北京)有限公司 Load balancing method, device, equipment and storage medium
CN109639674A (en) * 2018-12-11 2019-04-16 广州猎萌网络科技有限公司 An access security control method
CN109451069B (en) * 2018-12-29 2021-01-29 江苏鼎峰信息技术有限公司 Network data file library storage and query method based on distributed storage
CN110362535B (en) * 2019-07-12 2022-05-31 中国农业银行股份有限公司 File management method, device and system
CN110489996B (en) * 2019-07-31 2021-04-13 山东三未信安信息科技有限公司 Database data security management method and system
CN110598445B (en) * 2019-09-12 2022-05-20 金蝶蝶金云计算有限公司 Database access control method, system and related equipment
CN113420312B (en) * 2021-07-08 2022-04-26 山东浪潮超高清视频产业有限公司 Method for dynamically controlling API interface access
CN117499122A (en) * 2023-11-13 2024-02-02 易保网络技术(上海)有限公司 Data access method, system, electronic device, storage medium and program product

Also Published As

Publication number Publication date
CN1633084A (en) 2005-06-29

Similar Documents

Publication Publication Date Title
CN100490387C (en) Token-based fine granularity access control system and method for application server
AU2019206006B2 (en) System and method for biometric protocol standards
US10055561B2 (en) Identity risk score generation and implementation
CN106534199B (en) Distributed system authentication and rights management platform based on XACML and SAML in big data environment
CN116708037B (en) Cloud platform access right control method and system
CN101997876B (en) Attribute-based access control model and cross domain access method thereof
Ghaffari et al. Authentication and access control based on distributed ledger technology: A survey
CN106888084B (en) Quantum fort machine system and authentication method thereof
Namasudra et al. A new table based protocol for data accessing in cloud computing.
CN111064718B (en) Dynamic authorization method and system based on user context and policy
US8095969B2 (en) Security assertion revocation
CN103220141B (en) A kind of protecting sensitive data method and system based on group key strategy
CN105978855B (en) Personal information safety protection system and method under a kind of system of real name
US20140208409A1 (en) Access to data stored in a cloud
US20080066158A1 (en) Authorization Decisions with Principal Attributes
CN112187800B (en) Attribute-based access control method with anonymous access capability
CN102571874B (en) On-line audit method and device in distributed system
CN115422526B (en) Role authority management method, device and storage medium
CN1633085A (en) An access control method based on mapping between non-hierarchical roles
CN116800541A (en) Classified and hierarchical access control and access method for flight operation data
CN106301791A (en) Method and system for realizing unified user authentication authorization based on big data platform
CN113901507B (en) Multi-party resource processing method and privacy computing system
CN118246519A (en) A system for federated learning
CN117294489A (en) Self-adaptive dynamic access control method and system based on authorization policy
CN117195177A (en) Unified user management system and method for big data platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 2009-05-20

Termination date: 2012-12-28