基于Chinese Wall安全策略的职责分离模型

Separation of Duty Model Based on Chinese Wall Security Policy

下载PDF

导出

摘要职责分离是一个系统最基本的防止欺骗和错误的手段。该文在ChineseWall安全策略的基础上,实现了一种基于历史记录的职责分离模型,通过跟踪用户的历史权限记录来决定用户当前分配的权限从而实现职责分离,并对其进行了形式化描述和分析,证明其满足职责分离安全原理。该模型继承了ChineseWall策略和职责分离安全原则的优点,能够提供更加完善的访问控制策略。 Separation of duty （SOD） is a fundamental means for prevention of fraud and errors. Based on the Chinese wall security policy, a model of history-based separation of duty is implemented and it tracks the history of user＇s previous permissions record, from which the current permissions assigned to can be determined. The formal description and analysis about the model has been done and the model has been proved a well in accordance with principle of SoD. The model inherits the advantage of Chinese Wall security policy and separation of duty, and provides a more perfect access control stratagem.

作者林宏刚戴宗坤

机构地区四川大学信息安全研究所

出处《计算机工程》 CAS CSCD 北大核心 2007年第9期52-54,共3页 Computer Engineering

关键词职责分离 CHINESE WALL 角色冲突 Separation of duty（SoD）, Chinese Wall Conflict role

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献6

1Nash M,Poland K.Some Conundrums Concerning Separation of Duty[C]//Proceedings of the Symposium on Security and Privacy.IEEE Computer Society Press,1990:201-207.
2Sandhu R,Coyne E,et al.Role-based Access Control Models[J].IEEE Computer,1996,29(2):38-47.
3David F,Ferraiolo D,Kuhn R,et al.Role Based Access Control:Features and Motivations[C]//Proceedings of Computer Security Applications Conference.IEEE Computer Society Press.1995:241-248.
4Simon R,Zurko M.Separation of Duty in Role-based Environments[C]//Proceedings of the 10th IEEE Computer Security Foundations Workshop.IEEE Press,1997:183-194.
5Brewer D,Nash M.The Chinese Wall Security Policy[C]//Proc.of the IEEE Symposium on Security and Privacy.IEEE Computer Society Press,1989:206-214.
6Kuhn D R.Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-based Access Control Systems[C]// Proceedings of the 2nd ACM Workshop on Role-based Access Control.ACM Press,1997:23-30.

1甘泉,贺也平,韩乃平.一种改进的基于角色的访问控制[J].计算机工程,2006,32(7):140-142. 被引量：8
2秦超,陈钟,段云所.Chinese Wall策略及其在多级安全环境中的扩展[J].北京大学学报（自然科学版）,2002,38(3):369-374. 被引量：8
3Cheng Chunhung,Cheng Waiman,Wong Kamfai(The Chinese University of Hong Kong,Shatin,NT,Hong Kong,PRC).电子投票系统的安全问题(英文)[J].计算机工程,1999,25(S1):61-64. 被引量：1
4周锋,李旭伟.一种改进的MapReduce并行编程模型[J].科协论坛（下半月）,2009(2):65-66. 被引量：14
5王志澎,刘彦隆.CMS中基于RBAC的约束机制的设计与实现[J].科技情报开发与经济,2010,20(32):110-112.
6网络安全原理与实践[J].计算机安全,2008(8):135-135.
7陆宝华,王楠.《信息系统安全原理与应用》[J].信息系统工程,2009(1):75-75.
8王芳.网络欺骗和嗅探技术探讨[J].计算机光盘软件与应用,2014,17(10):46-46.
9张雷,向宏,胡海波.基于语义的RBAC模型权限冲突检测方法[J].计算机工程与应用,2011,47(26):74-78. 被引量：4
10刘会民.《军事信息安全原理》[J].国防大学学报,2005(8):104-104.

计算机工程

2007年第9期

浏览历史

内容加载中请稍等...

基于Chinese Wall安全策略的职责分离模型

参考文献6

相关作者

相关机构

相关主题

浏览历史