
Extended role-based access control model

Xue Wei, Huai Jinpeng

Citation: Xue Wei, Huai Jinpeng. Extended role-based access control model[J]. Journal of Beijing University of Aeronautics and Astronautics, 2005, 31(03): 298-302. (in Chinese)

Funding: National 863 Program (2002AA113030, 2003AA144150); National Natural Science Foundation of China (90412011)
  • CLC number: TP 393.08

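  • Abstract: An extended role-based access control (RBAC) model, the RTBAC (Role & Task Based Access Control) model, is proposed. Built on the RBAC96 model, it introduces the concepts of task and task instance, formally defines the hierarchies of tasks and task instances, specifies the relationship between traditional sessions and task instances as well as the relationship between task instances and permissions, and provides several auxiliary functions. The model describes business processes and access control policies more naturally and is better suited to distributed collaborative applications, especially workflows and composite services. Based on the model, a new dynamic separation of duty constraint, the task-based dynamic separation of duty constraint, is defined and compared with the traditional dynamic separation of duty constraint. This constraint characterizes more precisely the scope of the access-control-related runtime context of the system, thereby improving the efficiency of runtime access control.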

     

Publication history
  • Received: 2003-09-28
  • Published online: 2005-03-31
