摘要
研究了通过对基于角色的访问控制(RBAC)进行定制实现强制访问控制(MAC)机制的方法。介绍了RBAC模型和MAC模型的基本概念,讨论了它们之间的相似性,给出了在不考虑角色上下文和考虑角色上下文两种情形下满足强制访问控制要求的RBAC系统的构造方法。从这两个构造中可以看出,强制访问控制只是基于角色的访问控制的一种特例,用户可以通过对RBAC系统进行定制实现一个多级安全系统。
The realization of mandatory access control (MAC) by configuring role-based access control (RBAC) is investigated. First, the basic definitions of RABC model and MAC model are introduced. Second, the similarities between them are discussed. Third, two constructions are given which simulate MAC in RBAC systems. Among the constructions one considered the role context and the other not. It is obvious from the two constructions that MAC is just one instance of RBAC, so users can implement a multilevel secure system by configuring a RBAC system whenever necessary.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2006年第6期167-169,共3页
Computer Engineering
