Abstract
The heterogeneous, dynamic and regionally autonomous character of multi-domain environments poses new challenges for research on secure interoperable access control. Much recent work on access control for secure multi-domain interoperability assumes role-based access control within a single domain and implements interoperation by mapping foreign-domain roles onto local roles, which leaves the administration of foreign and local roles without a systematic, unified treatment. This paper proposes an administrative usage control model that manages user-role assignment for foreign and local domains in a unified way and closes the security gaps of the earlier model. The model is flexible enough to distinguish foreign-domain users from local users and to enforce stricter control over foreign users, while retaining the advantages of the traditional RBAC model. The access control model is being implemented in practice.
The heterogeneous, dynamic and locally self-governing nature of multi-domain environments introduces challenging security issues. Despite recent advances in access control approaches for secure interoperability between multiple domains, open issues remain in schemes that run a role-based access control model within one domain and implement secure interoperability by translating foreign-domain roles into local roles. Among them is the lack of uniform administration for the roles of foreign and local domains. In this paper, we present an access control scheme that resolves these issues and propose an Administrative Usage Control (AUCON) framework that corrects the security shortcomings of the previous model and administers user-role assignment for local and foreign domains with a unified method. The AUCON model provides a mechanism flexible enough to distinguish foreign-domain users from local users and to enforce stricter control over foreign users, while retaining the advantages of the traditional RBAC model. The AUCON model is being implemented in our experiment.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2006, No. 3, pp. 283-286 (4 pages)
Funding
This work was supported by the National Natural Science Foundation of China (60403027) and the Hubei Provincial Natural Science Foundation (2005ABA243).
Keywords
Access control
Multi-domain security
Administrative model
Usage control
Access control, Security interoperability between administrative domains, Administrative model, UCON