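Abstract
To manage resource privileges in multi-application-layer systems and make full use of the advantages of RBAC in security management, this paper proposes Multi-RBAC, a security model that integrates RBAC into multiple application layers. It applies RBAC to each application layer of the system and manages the privileges on system resources located in the different layers. Because roles are defined by the resource access privileges of each application layer, role division becomes more reasonable and finer-grained, and the least-privilege principle is easier to achieve. The model can also be combined with various advanced RBAC models to meet the security requirements that arise across multiple application layers. In implementation, a CIMS security management system was developed and deployed using Multi-RBAC, which shows that the model is feasible.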
In order to manage privileges in multi-application-layer systems and make use of the advantages of RBAC in security management, Multi-RBAC, an RBAC model that can be applied in all application layers, was presented. It was applied to all application layers of a system to protect the resources in the different layers. Since the roles were defined by the resource privileges in the different layers, Multi-RBAC made the classification of roles more reasonable, the granularity finer, and the realization of the least-privilege principle easier. Furthermore, all security requirements can be satisfied with the help of other advanced RBAC models. In application, a security management system for CIMS was developed and applied successfully, which showed that the model is feasible.
Source
Journal of Sichuan University (Engineering Science Edition), 2007, No. 2, pp. 140-144 (5 pages)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
Funding
Supported by the National 863/CIMS Theme Program (2003AA411210)