以天地一体化网络、物联网和复杂专用网络为代表的复杂网络环境(CNN, complex network envi-ronment)具有设备动态接入,网络异构、众多和信息跨网流动频繁等特点.上述特点给复杂网络环境下的访问控制技术带来细粒度控制、策略跟随和策略语义归一化等一系列新需求.针对这些需求,将面向网络空间的访问控制机制映射到复杂网络环境中.首先展示访问控制机制的具体映射过程,其次提出相应的访问控制管理模型,并用Z符号形式化地描述管理模型中的管理函数.实例分析表明,该访问控制机制可满足上述一系列新需求.%Complex network environments, such as space-ground integrated networks, internet of things and complex private networks, have some typical characteristics, e.g., integration of multi-network and information flow in cross-network. These characteristics bring access control for complex network environment the new requirement of coarse-grained control, sticky policies and inconsistent operation semantics. To satisfy these requirements, cross-network access control mechanism in complex network environments (CACCN) was designed by mapping the cy-berspace-oriented access control. First of all, the process of mapping was illustrated using the example of space-ground integrated networks. Next, a management model was proposed to manage the control elements in CACCN and a series of management functions were designed by using Z-notation. The analysis on practical example demonstrates that the mechanism can satisfy a series of access control requirements.
展开▼
