Source: Computer & Digital Engineering (《计算机与数字工程》), 2013, No. 7, pp. 1150-1153, 1195 (5 pages)
Abstract: In today's highly dynamic, heterogeneous and distributed information systems, it is necessary to go beyond the limits of a single domain and to achieve resource sharing and secure interoperation among multiple trust domains [1]. This paper studies two models of multi-trust-domain authentication and authorization systems: the basic gateway-mode model and the basic distributed model. It analyses the basic idea of the IRBAC (Interoperability Role Based Access Control) 2000 model and the problems it has. Its main shortcomings are: 1) role mapping among multiple trust domains violates the separation-of-duty principle; 2) it does not consider how to handle the associated roles when a role joins or exits. To address these shortcomings, the paper proposes the MTD-EIRBAC model. By introducing trust-level computation and granular logic reasoning, the MTD-EIRBAC model achieves dynamic authorization and properly resolves both the handling of associated roles when a role changes (such as a role joining or exiting) and the problems of role infiltration and implicit promotion when a role crosses into other domains, so that multiple trust domains can collaborate securely and flexibly.
Classification number: TP391 [Automation and Computer Technology: Computer Application Technology]