Rule Based Constrained Delegation Framework  Cited by: 1


Authors: Yin Gang[1], Wang Huaimin[1], Shi Dianxi[1], Teng Meng[1]

Affiliation: [1] School of Computer Science, National University of Defense Technology, Changsha 410073

Source: Chinese Journal of Computers (《计算机学报》), 2007, Issue 9, pp. 1511-1519 (9 pages)

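Funding: Supported by the National Basic Research Program of China ("973" Program) (2005CB321804); the National Natural Science Foundation of China (90412011); and the National High Technology Research and Development Program of China ("863" Program) (2003AA115210; 2004AA112020)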

Abstract: Delegation allows privileges to propagate between principals and is the core mechanism by which trust management systems enable cross-domain authorization. Unrestricted delegation, however, can lead to privilege proliferation and weaken the security of information systems. The delegation mechanisms in existing trust management systems lack effective control over privilege propagation, and their security still needs to be formally analyzed and proved. This paper proposes a role-based constrained delegation model named RCDM (Role-based Constrained Delegation Model), which supports flexible policies for delegation of authority and uses a scope constraint structure to control the depth scope and width scope of privilege propagation. A rule-based compliance checking algorithm named C3A is proposed for RCDM. The soundness and completeness of C3A with respect to RCDM are analyzed using the semantic theory of logic programs, which theoretically proves the security and availability of RCDM.

Keywords: trust management; delegation; scope constraint; rule; compliance checking

Classification No.: TP311 [Automation and Computer Technology: Computer Software and Theory]

 
