基于规则引擎的实例级权限控制研究
Research on Rule Engine-Based Instance-Level Access Control
摘要
该文通过比较常用的权限控制的实现方法,提出了基于规则引擎的实例级权限控制框架,能灵活实现复杂的安全策略。
This paper compares some common implementation details of access control, and describes a rule engine-based instancelevel access control framework, which is a flexible approach to configure complex security strategies.
出处
《微计算机信息》
2009年第3期47-48,41,共3页
Control & Automation
参考文献7
-
1Charlie Lai, Li Gong, Larry Koved, et al. User Authentication and Authorization in the Java (tin) Platform [A]. Proc. of the 15th Annual Computer Security Applications Conf, 1999, pages:285- 290
-
2Wang Lunwei, Liao Xiangke, Wang Huaimin. AT-PAM: An Authentication Trustworthiness-Based PAM [A]. Proc. of the 3rd international conference on Information Security, 2004, pages: 204-209
-
3於光灿,卢正鼎,李瑞轩,王治纲,唐卓,宋伟.在Java2环境中实现可插入的认证及访问控制[J].计算机工程与科学,2007,29(2):26-28. 被引量:2
-
4Fonseca C.扩展JAAS实现类实例级授权[EB/OL].http://www.ibm.com/developerworks/cn/java/j-jaas/,2002-04-23.
-
5马林,黄文培,聂捷楠,汪凌峰.RBAC的权限扩展和其在Acegi下的实现[J].微计算机信息,2008,24(6):34-36. 被引量:10
-
6Security Annotation Framework [EB/OL]. http://safr.sourceforge. net/, 2008-01-12
-
7CIS587: The RETE Algorithm [EB/OL]. hnp://www.cis.temple. edu/-ingargio/cis587/readings/rete.html, 2004-05
二级参考文献9
-
1夏榆滨,宣明付.基于RBAC的统一权限管理系统研究[J].微计算机信息,2006,22(10X):114-116. 被引量:23
-
2[1]Ravi S.Sandhu,Edward J.Coyne.et al.Role-based access control models[J].IEEE Computer,February 1996 29-2:38-47
-
3[2]Micheal J Convington.Generalized role-based access control for securing future application[C].In 23rd National Information Systems Scerrity Conference MD:Baltinore,2000:201-208
-
4[4]Ben Alex.Acegi SecurityReference Documentation1.0.3.[EB/OL].http://www.acegisecurity.org/docbook/acegi.html.2006
-
5Charlie Lai,Li Gong,Larry Koved,et al.User Authentication and Authorization in the Java(tm) Platform[A].Proc of the 15th Annual Computer Security Applications Conf[C].1999.285-290.
-
6Wang Lunwei,Liao Xiangke,Wang Huaimin.AT-PAM:An Authentication Trustworthiness-Based PAM[A].Proc of the 3rd Int'l Conf on Information Security[C].2004.204-209.
-
7韦伯,卜照斌.Java 2编程详解[M].北京:电子工业出版社,1999.
-
8Sandhu R,Coyne E J,Feinstein H L,et al.Role Based Access Control Models[J].IEEE Computer,1996,29(2):870-881.
-
9Joshi J B D,Bhatti R,Bartino E,et al.Access Control Language for Multidomain Environments[J].IEEE Internet Computing,2004,8(6):40-50.
共引文献10
-
1牛建涛,高岭,孙龙军.RBAC私有权限问题研究[J].微计算机信息,2009,25(6):111-113.
-
2林伟炬,刘列根,张宇.一个通用的权限管理模型的设计方案[J].微计算机信息,2009,25(15):1-3. 被引量:13
-
3杨扬,李雄.RBAC和IOC技术在权限控制中的应用[J].微计算机信息,2010,26(15):232-234.
-
4降磊,张文凌.基于Acegi和CAS的企业级认证授权管理系统的设计[J].科学之友(中),2011(1):140-141.
-
5王莉娟,郭培辉.PLM系统中数据权限控制研究[J].电子设计工程,2011,19(3):131-133. 被引量:3
-
6张国平,马丽.Spring集成Acegi安全框架在J2EE中的应用[J].电子设计工程,2012,20(7):29-31. 被引量:2
-
7唐建,徐罡,许舒人.一种数据级安全访问控制方案[J].计算机系统应用,2013,22(9):81-85. 被引量:3
-
8裴浩,田军,顾剑柳.基于XACML的JAAS安全扩展实现[J].电脑知识与技术,2008,0(11Z):1111-1113.
-
9谭才毅,韩永国,郭笃刚.供应链管理系统中应用安全框架的设计与实现[J].电脑知识与技术,2008,0(12Z):2063-2064. 被引量:1
-
10吴育辉,杨丽,段亚菲.基于Spring IoC开源技术的Acegi扩展研究[J].安顺学院学报,2017,19(3):124-126.