摘要
近年来RBAC(Role-Based Access Control)及TBAC(Task-Based Access Control)模型得到广泛的研究。文中比较了一些现有访问控制模型的各自特点和适用范围,针对现有模型的不足,为了提高系统的安全性、通用型和实用性,通过结合RBAC及TBAC模型各自的优点,提出了一个新型的访问控制模型T-RBAC(Task-Role Based Access Control)。描述了T-RBAC模型结构和特点,阐述了模型对最小权限原则、职权分离原则、数据抽象原则及角色层次关系的支持,给出了模型在协同编著系统中的一个应用和将来工作的主要目标。
The research work of RBAC (role- based access control) and TBAC (task - based access control) is greatly emphasized in recent years. This paper compares the characteristics and applicability spectrum of some recent models. To the deficiency of the existing model, in order to improve the security, compatibility and practicability of application systems, through combining the advantages of RBAC and TBAC model, a new - type model, T- RBAC(task- role based access control), is discussed. The configuration and characteristics of the model is described. The support of least privilege, separation of duties, data abstraction and roles hierarchies in the model is explained. An application of the model in computer supported cooperative system and the main goal of future research is presented.
出处
《计算机技术与发展》
2006年第2期212-214,共3页
Computer Technology and Development
基金
江苏省高校指导性项目(Q2118042)
