在RBAC模型中“责权分离约束”的冲突检测与消解

Conflict Checking and Solving of Separation of Duty Constraints in RBAC

下载PDF

导出

摘要详细论述了责权分离约束在基于角色的访问控制(RBAC)中的冲突检测与解决方案。研究了该约束在“权限-角色授权”(PRA)、“权限-主体授权”(PSA)、“角色-主体授权”(RSA)、“角色-角色授权”(RRA)等各类授权关系中的典型示例,并结合数学中的有向图理论给出冲突检测的算法分析,为实际应用奠定了基础。此外,还对冲突产生后的消解方法进行了深入讨论,总结出多种方案并进行仿真比较,根据实验结果给出一套优化后的解决途径。 The conflict checking and solving of separation of duty constraints were particularly discussed in RBAC we researched these constraints＇ typical examples in authorization relations of the permission-to-role assignment （PRA）, the permission-to subject assignment （PSA）, the role-to-subject assignment （RSA）, and the definition of a role hierarchy （role-to-role assignment, RRA）. The arithmetic analysis of conflict checking which links with the theory of directed acycline graph （DAG） was provided. It will be a basis for practicall application. Furthermore, the conflict solving was further discussed in the paper. Several schemes are summarized and achieved imitating experiment. Subsequently, we provided an optimized solving method for the further work.

作者崔中杰胡昌振

机构地区北京理工大学信息安全与对抗技术研究中心

出处《科技导报》 CAS CSCD 2005年第12期40-43,共4页 Science & Technology Review

关键词责权分离冲突检测冲突消解有向无环图角色分层 separation of duty, conflict checking, conflict solving, directed acycline graph, role hierarchy

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献7

1FERRAIOLO D, KUHN R, CHANDRAMOULI R. Role-based access control.[M]. MA USA. 685 Canton St. Norwood: Artech House Inc, 2003.
2SIMON R, ZURKO M. Separation of duty in role-based environments: Proceedings of the 10th Computer Security Foundations Workshop [C]. Washington, D C: IEEE Computer Society Press, 1997.
3LUPU E, SLOMAN M. Conflicts in policy-based distributed systems management [J]. IEEE Transactions on Software Engineering(Special Issue on Inconsistency Management). 1999,25(6): 852～869.
4SANDHU R, FERRAIOLO D, Kuhn R. The NIST model for rolebased access control: towards a unified standard: Proceedings of the Fifth ACM Work-shop on Role-Based Access Control (RBAC'00), Berlin, Germany,July 2000 [C]. Bevlin: ACM Press,2000.
5BUCKLEY F, LEWINTER M. A friendly introduction to graph theory[M]. Prentice Hall, 2003.
6LUPU E, SLOMAN M. Conflict analysis for management policies.Fifth IFIP/IEEE International Symposium on Integrated Network Management. San-Diego,1997[C]. Chapman & Hall, Ltd, 1997.
7STEGMANN C. A framework for authorization policies [D]. 2229Route des Cre^etes, F-06904 Sophia Antipolis, France: Institut Eurécom, 1997.

1慕晓冬,李飞行.用户组在RBAC模型中的应用[J].火力与指挥控制,2012,37(8):170-173. 被引量：2
2李飞行,慕晓冬,张璐,宋洪军.RBAC模型中角色继承的改进[J].火力与指挥控制,2012,37(9):129-132. 被引量：3
3王勇,谈斌.基于有向图和贝叶斯网络融合的飞机系统故障诊断研究[J].测控技术,2015,34(2):24-27. 被引量：7
4李玮,宋劲松,任群.依典型示例看IDS实施[J].微电脑世界,2002(1):72-73.
5杨海波.基于MATLAB的网络实验室的研究[J].中国制造业信息化（学术版）,2009,38(11):59-62. 被引量：1
6鲁小杰,张涛,王金双,赵敏.基于规则集的安全策略冲突检测与消解[J].军事通信技术,2016,37(1):17-22. 被引量：1
7谢旻.一种企业级分层访问控制模型研究[J].科技通报,2013,29(6):191-193.
8汪靖,林植,李云山.一种安全策略的冲突检测与消解方法[J].计算机应用,2009,29(3):823-825. 被引量：4
9薛建武,沈彩君.本体协同演化冲突检测与消解方法研究[J].计算机应用研究,2015,32(6):1728-1731. 被引量：3
10刘余娇.基于应用层多播的角色分配与角色授权模型[J].绵阳师范学院学报,2009,28(8):77-81.

科技导报

2005年第12期

浏览历史

内容加载中请稍等...

在RBAC模型中“责权分离约束”的冲突检测与消解

参考文献7

相关作者

相关机构

相关主题

浏览历史