Abstract
Access control is an important component of a file system. Traditional file system access control uses two basic methods: the Access Control List (ACL) and the Capabilities List (CL). Although both are simple to use and perform well, they have the following shortcomings. First, with an ACL the mapping from subjects to objects is hard to query, while a CL has the opposite problem: the mapping from objects to subjects is hard to determine. Second, when files are shared externally, neither model can describe user requirements quickly and accurately. Last but not least, neither can describe file access control services that depend on conditions independent of subject and object, such as providing file service according to time. This paper proposes a new file system access control method based on authorization rules, which can solve the above problems smoothly.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journals (北大核心)
2004, No. 6, pp. 1-4, 71 (5 pages in total)
Funding
Supported by the National "863" Program (No. 863 2001AA144010)