摘要
混合的基于角色访问控制-域型增强(RBAC-DTE)访问控制模型因其不同层次的保护机制近年来颇受关注,但是尚未见到公开的文献讨论混合RBAC-DTE策略中的多角色管理问题.因此,从特权层面和访问许可权层面上,提出了一种角色划分粒度比域划分粒度粗的角色和域的划分方法,并引入域的静态继承关系.这种混合RBAC-DTE策略的多角色管理方法解决了不同域的进程共享访问许可权集、控制策略代码尺寸的问题,特别是它可以充分支持极小特权原则.
The hybrid Role Based Access Control-Domain and Type Enforcement (RBAC-DTE) access control model has recently been given much attention due to its different level of protect mechanisms. But no published literature has discussed administration of multiple roles in the hy- brid RBAC-DTE policy. From the aspect of privilege and access right, this paper proposes an approach to dividing roles and domains that roles are more coarse-grained than domains, and introduces a static-inheritance relationship between domains. This method for multirole administration in the hybrid RBAC-DTE policy solves the problem of sharing access right set among processes in different domains and the problem of controlling policy code size, especially, supports the principle of least privilege sufficiently.
出处
《计算机学报》
EI
CSCD
北大核心
2006年第8期1419-1426,共8页
Chinese Journal of Computers
基金
北京市自然科学基金(4052016)
国家自然科学基金(60573042)
国家"九七三"重点基础研究发展规划项目基金(G1999035802)资助.
