
Role-based fine-grained delegation constraint framework in collaborative environments (cited by: 9)
Abstract: A role-based fine-grained delegation constraint framework is proposed, in which roles are divided into object roles and delegation roles to achieve fine-grained control. Three types of delegation constraints are analyzed: temporal, prohibition and obligation constraints. Constraint rules are defined for each type and used to describe conditional delegation and constrained usage. Conditional delegation requires that its conditions be satisfied before the delegation operation is performed, which prevents illegitimate propagation of permissions; constrained usage restricts how delegated permissions are used, which prevents permission abuse. Because multiple delegation constraint rules may conflict with one another, a graph-theory-based consistency checking algorithm with time complexity O(n^2) is given.
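Source: Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2008, Issue 1, pp. 83-91 (9 pages)
Funding: Supported by the National Key Technologies R&D Program of the Tenth Five-Year Plan (2005BA113A01) and the Innovation Fund of the Graduate University of the Chinese Academy of Sciences
Keywords: computer software; collaboration; delegation constraint; role-based delegation model; conflict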

