Scalable Access Control Model Based on Double-tier Role and Organization

Cited by: 11


Authors: Xiong Houren (熊厚仁) [1,2], Chen Xingyuan (陈性元) [1,2], Zhang Bin (张斌) [1,2], Du Xuehui (杜学绘) [1,3]

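Affiliations: [1] PLA Information Engineering University, Zhengzhou 450001; [2] Henan Province Key Laboratory of Information Security, Zhengzhou 450001; [3] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001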

Source: Journal of Electronics & Information Technology (《电子与信息学报》), 2015, No. 7, pp. 1612-1619 (8 pages)

Funding: Supported by the National 863 Program of China (2012AA012704) and the 2014 Henan Province Basic Research Program (142300413201)

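Abstract: To address the problems in existing role-based access control (RBAC) research, namely poor adaptability caused by a single way of setting up roles, role or permission redundancy in multi-domain environments, and insufficient attention to resource management, the paper proposes an access control model based on double-tier roles and organization that supports resource management. Through a double-tier division of roles, it presents a double-tier role architecture of function roles and task roles, which makes the model closer to practice and more adaptable. It introduces the concept of organization and combines it with the double-tier roles, extends the concepts of role and permission, formally defines the proposed access control model based on double-tier roles and organization, and describes the separation-of-duty constraints and cardinality constraints that affect the model's security. The expressive power and complexity of the model are analyzed; the analysis shows that the mechanism not only retains the characteristics and advantages of RBAC, but also has lower complexity than RBAC and is better suited to distributed multi-domain environments composed of multiple similar organizations.

To tackle the deficiencies of weak adaptability due to the singleness of the role establishment method, role or privilege redundancy, and little attention to resource management in existing Role-Based Access Control (RBAC) research, a Scalable Access Control model Based on Double-Tier Role and Organization (SDTR-OBAC) is proposed. Through double role partition, a double-tier role architecture of function role and task role is presented, solving the problem that the traditional role cannot cover the requirements of both the organizational level and the application level at the same time. The concept of organization is introduced and integrated with the double-tier role to form an organization-role pair that is assigned to the user, instead of the role alone as in RBAC, making the model suitable for cross-domain access as well as for a single domain. By extending privileges to an operation and resource type pair, the model and its constraints, including separation of duty and cardinality constraints, are defined formally. The discussion of expressive power and complexity indicates that SDTR-OBAC retains all the advantages of RBAC and can effectively reduce the administration complexity, with better scalability and universality.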

Keywords: network information security; role-based access control; double-tier role; organization; role inheritance; separation of duty

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
