Abstract
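Capability, as a subject-based access control method, can be implemented in flexible and diverse ways and is convenient to use. The concept of capability was proposed very early and has become a basic access control mechanism in distributed operating systems. By restricting the behavior of a subject, capability techniques can conveniently achieve the goal of limiting the subject's scope of action. In addition, by improving the traditional capability technique, limits on access time and on the number of accesses can be enforced at the same time. On this basis, through a study of how capabilities are implemented in operating systems, Extended Capability Access Control (ECAC) is proposed, and an implementation of the technique on the Irix system is given.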
Capability is a subject-based access control method, which has the advantages of diverse presentation, high efficiency and easy operation. The concept of capability was proposed very early, and capability has already become one of the basic access control mechanisms in distributed operating systems. By limiting the behavior of the subject, this technique can easily limit the subject's range of action. In addition, by improving the traditional capability technique, we can simultaneously place limits on the length of the period or the number of times any telnet user may connect to our server. Through research into how this technique is implemented in operating systems, this article proposes a new model, Extended Capability Access Control (ECAC), and implements it in IRIX's shell.
Source
《计算机应用研究》
CSCD
Peking University Core Journals
2004, Issue 10, pp. 90-92, 95 (4 pages in total)
Application Research of Computers