摘要
访问控制是保证企业信息系统安全性的重要组成部分,但传统的模型都不能满足企业多变的控制需求,因此引出了基于任务-角色的访问控制模型(TRBAC)来满足企业的需求。该模型解决了基于角色的访问控制模型(RBAC)不够灵活的缺点,并通过时间约束、最小特权约束和职责分离约束增加了系统的安全性。最后结合实例,详细阐述了TRBAC模型在企业权限管理中的实现。
Access control is an important part of the information system security in the enterprise environment, but the conventional models can't fully meet the changeful requirements of the enterprise environment, therefore task-role-based access control model (TRBAC) is introduced to satisfy the enterprise requirements. This model improved the flexibility of role-based access control model (RBAC), and enhances the security of the system by time restriction, minimal privilege restriction and responsibility separation restriction. And then the realization of TRBAC model is elaborated in enterprise privilege management for example.
出处
《计算机工程与设计》
CSCD
北大核心
2008年第12期3106-3108,共3页
Computer Engineering and Design
关键词
TRBAC
企业环境
工作流
授权约束
MIS
TRBAC
enterprise environment
workflow
authorization restriction
MIS