Role based access control model for database security proxy

Cited by: 4


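Authors: Hu Tianlei (胡天磊)[1], Yang Xiaohu (杨小虎)[1], Dong Jinxiang (董金祥)[1]

Affiliation: [1] Institute of Artificial Intelligence, Zhejiang University, Hangzhou, Zhejiang 310027

Source: Journal of Zhejiang University: Engineering Science (《浙江大学学报(工学版)》), 2005, No. 3, pp. 342-347, 6 pages

Funding: Project supported by defense pre-research funding (45.6.1 017).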

Abstract: To meet the special access control requirements of a database security proxy (DSP) in information warfare, an extended role based access control model (DSP-RBAC) was proposed. The model formally defines the various aspects of permissions, including operations, properties, actions, objects and the relationships among them. By introducing the object inclusion relationship (OIR) and the cascaded operation relationship (COR), the problem of the DSP's cognition of the relational database management system was studied. Based on an analysis of the cascaded requirement property and the inherited activation property of COR, the impacts on session required permissions and session activated permissions were discussed, and the principles for making access control decisions under the new model, taking OIR and COR into account, were presented. Experimental results show that the DSP-RBAC model solves the operation and object relativity issues that arise when access control policies are deployed in a database security proxy, and remarkably improves the security of critical applications.

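Keywords: information warfare; database security proxy; role based access control

Classification: TP309.2 [Automation and Computer Technology: Computer System Architecture]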

 
