With the development of mobile Internet technology, mobile terminals with computing capability are being deployed in large numbers and complete a variety of tasks with the support of a large body of mobile applications. More and more enterprises allow employees to bring their personal devices into the work environment (the BYOD, Bring Your Own Device, model). Different personnel have different roles, however, and different resources carry different access permissions; once a sensitive resource leaks, the enterprise may suffer serious losses. Fully supporting BYOD while protecting data and systems therefore requires that the access control rules governing a mobile application's access to sensitive resources be stated explicitly and enforced while the application runs. XACML is a unified description language for access control policies, but no support for mobile applications or BYOD has yet been reported for it. This paper proposes describing the access control policies of mobile applications in XACML and studies methods for testing XACML access control policies. On that basis, a BYOD-oriented case study was carried out on a project management app for the Android platform; the results demonstrate the effectiveness of the proposed method.
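To make the two ideas in the abstract concrete (stating a mobile app's access control policy in XACML, then testing that policy against a table of requests and expected decisions), here is an added example that is not the paper's code and not the case-study policy. It renders a small XACML 3.0 policy for a hypothetical BYOD project-management app (role, resource, action and a device-enrolment attribute are all assumed, hypothetical attribute identifiers), evaluates requests with a minimal evaluator that supports only string-equal Target matches and the deny-unless-permit combining algorithm, and runs a constructed request suite. Building the policy with the device check switched off shows the suite catching the omission, which is the kind of defect a BYOD policy test is meant to find.

```python
"""Added example (not the paper's code): a tiny XACML 3.0 subset evaluator plus a
request/decision test suite for a hypothetical BYOD project-management app."""
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ENV = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_UNLESS_PERMIT = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit"

# Hypothetical attribute ids for the app; device posture is modelled as an
# environment attribute (a design choice, not prescribed by XACML).
ROLE = "urn:example:role"
DEVICE = "urn:example:device-enrolled"
RES_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACT_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"


def _match(category, attr_id, value):
    return (f'<Match MatchId="{STRING_EQUAL}">'
            f'<AttributeValue DataType="{XS_STRING}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{category}" AttributeId="{attr_id}" '
            f'DataType="{XS_STRING}" MustBePresent="false"/></Match>')


def _rule(rule_id, effect, *matches):
    return (f'<Rule RuleId="{rule_id}" Effect="{effect}"><Target><AnyOf><AllOf>'
            + "".join(matches) + "</AllOf></AnyOf></Target></Rule>")


def build_policy(require_enrolled=True):
    """Render the app policy as XACML 3.0 XML. require_enrolled=False drops the
    device-enrolment check so the test suite can demonstrate catching the omission."""
    posture = (_match(ENV, DEVICE, "true"),) if require_enrolled else ()
    rules = (
        _rule("manager-reads-budget", "Permit", _match(SUBJECT, ROLE, "manager"),
              _match(RESOURCE, RES_ID, "project-budget"), _match(ACTION, ACT_ID, "read"), *posture),
        _rule("member-reads-docs", "Permit", _match(SUBJECT, ROLE, "member"),
              _match(RESOURCE, RES_ID, "project-docs"), _match(ACTION, ACT_ID, "read"), *posture),
    )
    return (f'<Policy xmlns="{NS}" PolicyId="pm-app-byod" Version="1.0" '
            f'RuleCombiningAlgId="{DENY_UNLESS_PERMIT}"><Target/>' + "".join(rules) + "</Policy>")


def _q(tag):
    return f"{{{NS}}}{tag}"


def _match_holds(m, req):
    if m.get("MatchId") != STRING_EQUAL:
        raise ValueError(f"unsupported MatchId {m.get('MatchId')}")
    want = m.find(_q("AttributeValue")).text
    d = m.find(_q("AttributeDesignator"))
    # A missing attribute is an empty bag, so the match is simply false
    # (MustBePresent="true" would give Indeterminate; not modelled here).
    return req.get((d.get("Category"), d.get("AttributeId"))) == want


def _target_holds(target, req):
    # An empty <Target/> matches everything; otherwise all AnyOf, any AllOf, all Match.
    if target is None or not target.findall(_q("AnyOf")):
        return True
    return all(any(all(_match_holds(m, req) for m in allof.findall(_q("Match")))
                   for allof in anyof.findall(_q("AllOf")))
               for anyof in target.findall(_q("AnyOf")))


def evaluate(policy_xml, req):
    """Return Permit / Deny / NotApplicable for a request {(category, attr_id): value}.
    Only deny-unless-permit and Target-only rules (no Condition) are supported."""
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != DENY_UNLESS_PERMIT:
        raise ValueError("unsupported rule-combining algorithm")
    if not _target_holds(policy.find(_q("Target")), req):
        return "NotApplicable"
    for rule in policy.findall(_q("Rule")):
        if rule.get("Effect") == "Permit" and _target_holds(rule.find(_q("Target")), req):
            return "Permit"
    return "Deny"


def request(role, resource, action, enrolled):
    return {(SUBJECT, ROLE): role, (RESOURCE, RES_ID): resource,
            (ACTION, ACT_ID): action, (ENV, DEVICE): "true" if enrolled else "false"}


# Constructed test suite: (request, expected decision). The negative cases are the
# ones that matter for BYOD: unmanaged device, wrong role, action not granted.
SUITE = [
    (request("manager", "project-budget", "read", True), "Permit"),
    (request("manager", "project-budget", "read", False), "Deny"),
    (request("member", "project-budget", "read", True), "Deny"),
    (request("member", "project-docs", "read", True), "Permit"),
    (request("manager", "project-budget", "export", True), "Deny"),
]


def run_suite(policy_xml, suite=SUITE):
    """Return (case index, expected, actual) for every case the policy gets wrong."""
    failures = []
    for i, (req, expected) in enumerate(suite):
        actual = evaluate(policy_xml, req)
        if actual != expected:
            failures.append((i, expected, actual))
    return failures


if __name__ == "__main__":
    print("failures, full policy:", run_suite(build_policy()))
    print("failures, device check omitted:", run_suite(build_policy(require_enrolled=False)))
```

The suite is written against the intended behaviour, not against the policy, so a policy that silently permits an unenrolled device (the second case) is reported as a failure rather than accepted. A real PDP (for example an XACML 3.0 engine) would replace `evaluate`; the request table and `run_suite` are what carry over.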