摘要
基于网络的大规模软件应用系统面临着日益复杂的数据资源安全管理的难题 .基于角色的访问控制方法 (role- based access control,简称 RBAC)实现用户与访问权限的逻辑分离和构造角色之间的层次关系 ,从而方便了数据的安全管理 .该文在 RBAC96模型的基础上 ,对角色之间的层次关系进行了扩充 ,定义了角色的公共权限和私有权限 ,引入了一般继承和扩展继承机制 ,形成了一个能描述复杂层次关系的角色访问控制模型EHRBAC(extended hierarchy role- based access control) .同时 ,应用该模型完成了石化市场信息数据库系统的安全管理 .EHRBAC模型可以简化角色层次关系 ,描述复杂的角色继承场景 ,并通过区分公共权限和私有权限来进一步实现最少权限原则 .
One of the most challenging problems in managing large computer software systems on global network is the complexity of security administration. The RBAC (role based access control) method shows powerful capability on access control by realizing logical separation between users and permissions and constructing role hierarchies. This paper presents a role hierarchy model EHRBAC (extended hierarchy role based access control) based on RBAC96, which defines common permissions and private permissions and imports normal inheritance and extended inheritance. Based on EHRBAC, the authors realize the security administration for the Petrochemical Market Information System. The EHRBAC model can specify the complex inheritance of roles and simplify their relation hierarchies. It minimizes the role access permissions by the separation of private permissions from common permissions.
出处
《软件学报》
EI
CSCD
北大核心
2000年第6期779-784,共6页
Journal of Software
基金
国家"九五"重点科技攻关项目基金!(No.97- 5 6 7)
国家 86 3高科技项目基金!(No.86 3- 30 6 - ZD0 2 - 0 1- 1)
国家自然科学基金!
关键词
角色
基于角色访问控制
继承
层次关系
Role, role-based access control, inheritance, hierarchy.
