摘要： 传统的网络访问控制机制大多与身份认证机制分开设计，针对其安全性差、效率低等问题，受人体免疫系统能自动识别并排斥非自体物质原理启发，该文提出了一种基于家族基因的网络访问控制模型(FBAC)，给出了模型中网络家族、家族基因、基因证书等定义，建立了基因指派、制定族规、基因签名等用于生成基因证书的机制，描述了网络家族构造和基于家族基因的访问控制等算法。解决了入侵者绕过身份认证机制而存取网络资源的安全问题，克服了X.509数字证书认证效率低、证书主体信息不明确的缺陷，具有安全、高效等特点，是保障网络安全的一种有效新途径。

关键词: 网络安全, 访问控制, 免疫, 家族基因

Abstract: Inspired by principles of the human immune system, a family-gene based model for network access control, referred to as FBAC, is proposed. With the concepts and formal definitions of network-family, family-gene, and gene-certificate of FBAC presented, the bionic mechanisms of gene-assignment, family-rule constitution, and gene-signature for gene-certificate generation are established. The algorithms of network- family construction and family-gene based access control are described. The access control problems, which result from the penetration of conventional authentication mechanisms, are solved, and the defect of ambiguity of subject information in X.509 certificates is overcome. FBAC has a better safety and efficiency than the traditional techniques. It provides an effective novel solution to network security.

Key words: Network security, Access control, Immunity, Family-gene

中图分类号: 

• TP393