检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]北京航空航天大学计算机学院,北京100083
出 处:《北京航空航天大学学报》2005年第3期298-302,共5页Journal of Beijing University of Aeronautics and Astronautics
基 金:国家 8 6 3计划基金资助项目 (2 0 0 2AA1 1 30 30 ;2 0 0 3AA1 44 1 5 0 );国家自然科学基金资助项目 (90 41 2 0 1 1 )
摘 要:提出了一种扩展的基于角色的访问控制RBAC (RoleBasedAccessControl)模型———RTBAC (Role&TaskBasedAccessControl)模型 .该模型在RBAC96模型之上引入了任务和任务实例的概念 ,形式化地定义了任务和任务实例的层次结构 ,界定了传统会话同任务实例之间的关系以及任务实例同权限之间的关系 ,并且提供了几种辅助函数 .该模型可以更为自然地描述业务流程和访问控制策略 ,更适合分布式协作应用 ,特别是工作流和组合服务 .基于该模型定义了一种新的动态职责分离约束———基于任务的动态职责分离约束 ,并且同传统动态职责分离约束进行了比较 .该约束可以更准确地刻画访问控制相关的系统运行时上下文的范围 。An extended RBAC (role based access control) model, RTBAC (role and task based access control) model was presented. The model introduced the notions of task and task instance into RBAC96 model, formally defined the hierarchies of tasks and task instances, specified the relationships between traditional sessions and task instances as well as the relationships between task instances and permissions. Several assistant functions were defined. The model could be used to depict daily business procedures and related access control policies more naturally, so it was more suitable for distributed collaborative applications, especially for workflows and service compositions. Based on this model, a new dynamic separation of duty constraint, namely task-based dynamic separation of duty constraint, was formally defined and compared with traditional dynamic separation of duty constraints using a typical example. The new constraint can specify access control related system runtime context more accurately. It can increase the efficiency of access control at runtime.
关 键 词:访问控制模型 基于角色的访问控制 运行时上下文 动态职责分离
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28
