摘要
基于角色的访问控制RBAC(role-based access control)能够降低访问控制管理工作的复杂性,但在动态变化的网络环境中,单纯依靠用户身份属性进行角色和许可分配,不能完全满足网络安全服务的要求。提出ESRBAC(environment security role-based access control)模型,将角色与环境安全性相关联,只有用户的环境达到一定安全级别时,其角色对应的许可方才有效。给出了模型的定义及基本语义,并用一种适合于描述模型运行的形式化工具对一个具体的实例进行了分析。
RBAC(role-based access control)can reduce the complexity of the management of access control. But in the dynamic network environment, the secure service can't be guaranteed entirely by the simple role-permission assignment based on user's identity attributes. Correlating role with environment security, this paper explored an ESRBAC(environment security role-based access control) model. Only when a user's environment is secure enough, the permissions corresponding to its roles are valid. The definitions and basic semantics of the model were presented. By a formalized tool adapting to the mechanism of ESRBAC, an application instance was analyzed.
出处
《计算机科学》
CSCD
北大核心
2009年第1期51-54,59,共5页
Computer Science
基金
国家自然科学基金(编号:60673001)资助