Context aware and group based access control
-
摘要: 传统的基于角色的访问控制(RBAC,Role Based Access Control)主要依靠对主题赋予相应的角色来实现对资源的保护,在权限控制时没有考虑执行的上下文环境,也没有考虑在系统中的用户是如何组织和管理的.为了适应应用环境的动态要求,并且方便用户的管理,提出了基于上下文感知和用户组的访问控制(RGBACC,Role and Group Based Access Control with Context)模型,RGBACC将上下文感知和用户组管理加入到RBAC模型中,从应用环境中获取与安全相关的上下文信息来动态地改变用户的权限,并且可以对具有统一职能的用户进行统一管理,同时还保留了传统RBAC模型的优点.Abstract: Role based access control(RBAC) mainly depend on role given by the theme to achieve the protection of natural resources. In the control of the permissions, execution context, how the customs organize and manage were not taken into account.In order to adapt dynamic requirements of the application environment and to make the management of customs more convienent, RGBACC model was put forward. RGBACC model add "context-aware"and "user group management" to RBAC model. The context information ralated security from application environment was obtained to dynamically change the user-s permission. To the customs who have the same function, RGBACC model can manage them unifiedly,at the same time,it maintain the advantagement of traditional RBAC model.
-
Key words:
- role based access control /
- context /
- group /
- role
-
[1] Foster I,Kesselman C,Tuecke S.The anatomy of the grid:enabling scalable virtual organization[J].International Journal of Supercomputer Applications,2001,2150:200-222 [2] 姚寒冰,胡和平,李瑞轩.上下文感知的动态访问控制[J].计算机工程与科学,2007,29(5):1-3 Yao Hanbing,Hu Heping,Li Ruixuan.Dynamic access control on context-aware[J].Computer Engineering and Science,2007,29(5):1-3(in Chinese) [3] 叶小玲,吴敏.高效业务管理系统中权限模型的研究与实现[J].计算机工程与设计,2010,31(2):351-377 Ye Xiaoling,Wu Min.Research and implementation of permissions model in efficient business management system[J].Computer Engineering and Design,2010,31(2):371-377(in Chinese) [4] Weiser M.The computer for the 21th Century[J].Scientific American,2001,265(3):94-104 [5] 张沙沙,姜华,谢圣献,等.基于上下文感知的RBAC动态访问控制研究[J].计算机安全,2009(8):5-8 Zhang Shasha,Jiang Hua,Xie Shengxian,et al.Research of RBAC dynamic access control based on contexta ware[J].Computer Security,2009(8):5-8 [6] Gligor V D,Gavrila S I,Ferraiolo D F.On the formal definition of separation of duty policies and their composition //Computer Society .Washington D C:IEEE,2007:172-185 [7] 杨晓静.RBAC模式中互斥角色的性质及其安全性[J].计算机应用,2003,12(23):138-142 Yang Xiaojing.The nature and safety of Exclusive role in RBAC[J].Computer Application,2003,12(23):138-142
点击查看大图
计量
- 文章访问数: 3991
- HTML全文浏览量: 116
- PDF下载量: 890
- 被引次数: 0