
Research on a Role-Based Access Control Model Based on Environment Security (Cited by: 12)

Environment Security Role-based Access Control Model
Abstract: RBAC (role-based access control) can reduce the complexity of access control management. In a dynamically changing network environment, however, assigning roles and permissions solely on the basis of a user's identity attributes cannot fully meet the requirements of network security services. This paper proposes the ESRBAC (environment security role-based access control) model, which associates roles with environment security: the permissions corresponding to a user's roles are valid only when the user's environment reaches a certain security level. The definitions and basic semantics of the model are given, and a concrete application instance is analyzed with a formal tool suited to describing the model's operation.
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2009, No. 1, pp. 51-54, 59 (5 pages)
Funding: Supported by the National Natural Science Foundation of China (Grant No. 60673001)
Keywords: Role; Access control; RBAC; Network security; Environment security; Computer network

