Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition  Cited by: 6


Authors: Zhai Zhengde (翟征德)[1], Xu Zhen (徐震)[1], Feng Dengguo (冯登国)[1]

Affiliation: [1] State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2008, No. 4, pp. 677-683, 7 pages

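Funding: National Natural Science Foundation of China (60603017); National High Technology Research and Development Program of China ("863" Program) (2006AA01Z454); National Key Technology R&D Program of China (2006BAH02A02)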

Abstract: Secure interoperation is a key technique for cross-domain resource sharing and protection. The IRBAC2000 model of Kapadia et al. provides a flexible way to achieve secure interoperation through role association and dynamic role translation. Liao Junguo et al. were the first to point out that the model can violate static mutual exclusive role (SMER) constraints; they analyzed the cause and presented a detection algorithm for SMER violations together with prerequisite conditions for adding new role associations. This paper first shows that Liao et al.'s analysis of the cause of constraint violations is only partial, and that their detection algorithm and prerequisite conditions therefore cannot guarantee that the system will not violate the constraints. It then shows that, for a given set of role associations, inappropriate user/role assignments in other domains are the root cause of the violations. A necessary and sufficient condition for SMER violation by dynamic role translation is proposed, along with a corresponding violation detection algorithm. Because both new role associations and new user/role assignments can cause SMER violations, prerequisite conditions for adding each are given, which ensure that the SMER constraints remain satisfied throughout the state transitions of the model.

Keywords: secure interoperation; dynamic role translation; role association; static mutual exclusion of roles; constraint violation

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
