Flexible access control method of distributed objects
-
摘要: 传统的访问控制机制由于将安全策略与安全机制融为一体,只能支持一种安全策略.为了使访问控制机制能够动态支持多种安全策略,引入了元策略概念,并利用元策略描述框架与基于元策略的访问控制策略模型,提出了一种柔性化访问控制方法,使访问控制机制能够将安全策略与安全策略决策机制剥离,并能够动态支持多种安全策略.上述方法已经在基于CORBA的实验系统中实现,测试结果表明该方法是有效的.Abstract: The traditional access control mechanism is bonded with the security policy it supports and can only support one policy. In order to establish a kind of access control mechanism supporting multiple polices, the meta-policy concept was introduced. By using the meta-policy description framework and the security policy model based on the meta-policy concept, a method of building flexible access control mechanism was put forward, which made the access control mechanism separate the security policy from the policy decision function and could dynamically support multiple security policies. The method is implemented in a CORBA-based system and the test results show that it is effective.
-
Key words:
- information processing /
- safety technics /
- computer networks /
- distributed object /
- access control
-
[1] Object Management Group. CORBA security services specification . http://www.omg.org, 2001,1(7) [2]Iona Company. Iona Programmers'Guide . http://www.iona.comproducts/orbix2000, 2002 [3]Sandhu R S, Samarati P. Access control:principles and practice[J], IEEE Communication Magazine, 1994 , 32 (9):40~48 [4]Timothy J F. An object-oriented framework for security policy representation . Champaign, Iuinois:UIUC,1997 [5]Dirk J, Klaus R D. An approach for building secure database federations . In :Proc.Int'l. Conf. On Very Large Data Bases .San Francisco:Morgan Kaufmann Publishers Inc,1994.24~35 [6]Rabitti F, Bertino E, Kim W,et al. A model of authorization for next-generation database systems[J]. ACM Trans. On Database Systems, 1991,16(1):89~131
点击查看大图
计量
- 文章访问数: 3394
- HTML全文浏览量: 111
- PDF下载量: 865
- 被引次数: 0