基于角色和属性的PDM系统访问控制模型  被引量:2

Access Control Model in PDM System Based on Role and Attribute

在线阅读下载全文

作  者:魏冬冬 盛步云 向伟杰 张成雷 WEI Dong-dong;SHENG Bu-yun;XIANG Wei-jie;ZHANG Cheng-lei(Hubei Digital Manufacturing Key Laboratory,School of Mechanical and Electronic Engineering,Wuhan University of Technology,Hubei Wuhan 430070,China)

机构地区:[1]武汉理工大学机电工程学院湖北省数字制造重点实验室

出  处:《机械设计与制造》2019年第12期259-263,共5页Machinery Design & Manufacture

基  金:国家重点研发计划项目(NO.2016YFB1101700);湖北省自然科学基金(No.2015CFA115);湖北省科技支撑计划(No.2015BAA058)

摘  要:针对基于角色访问控制(Role Based Access Control,RBAC)模型在产品数据管理(Product Data Management,PDM)系统中无法满足动态授权和细粒度控制的问题,提出了一种基于角色和属性的访问控制(Role and Attribute Based Access Control,RABAC)模型。通过分析RBAC和基于属性的访问控制(Attribute Based Access Control,ABAC)模型的优缺点以及PDM的安全需求,在RBAC的模型基础上,添加属性要素作为授权决策依据;通过研究属性动静特性以及用户角色指派方法,提出角色属性管理方法对属性进行管理;采用角色和属性协同授权机制,降低了模型决策的计算复杂度。案例结果表明,该模型能对资源的访问进行动态控制,并显著提高了系统内存管理性能和执行效率。Aiming at the problem that RBAC could not meet the dynamic authorization and fine-grained control in PDM system,RABAC was proposed by introducing the concept of the dynamic and static specialty of the attributes.By analyzing the advantages and disadvantages of RBAC and ABAC and the security requirements of PDM,the attribute was added as the basis of authorization decision based on the RBAC model.By studying the dynamic and static characteristics of attribute and user,the role attribute assignment method was proposed to manage the attributes.By using the role and attribute co-authorization mechanism,the computational complexity of model decision was reduced.The results show that the model could dynamically control the accesses of the resources and improve management performance and execution efficiency of the system.

关 键 词:RBAC ABAC PDM 属性管理 动态授权 细粒度控制 

分 类 号:TH16[机械工程—机械制造及自动化] TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象