Modified RBAC model and its application on content management system
Abstract: To address the large scale of content, users and permissions in a content management system (CMS), a modified role-based access control (RBAC) model, RBAC0.5, is formally defined. Compared with the four models defined by RBAC96, RBAC0.5 is a new model that sits between the basic model (RBAC0) and the enhanced model (RBAC1). It covers RBAC0 and replaces the hierarchical relations among roles in RBAC1 with a flat mapping through an intermediate layer, the user group. With RBAC0.5, set operations can be performed by the relational database back end. In addition, content partitions and hierarchical categories are formally defined to organize the content in a CMS by media type and semantics. Based on these definitions, multi-layer permission sets are defined on partitions and categories to support multi-grained access control. Based on these models, access control in the CMS is implemented with short-circuit operations, garbage collection and caching for performance optimization. Pseudocode for the algorithms is also given.
Key words: content management system, access control, formal logic, algorithms, model