
Hierarchical Role-based Restricted Delegation Model and Simulation Analyzing (cited by: 1)
Abstract: In distributed environments, delegation relationships across multiple security domains are ubiquitous. To satisfy the various restricted delegation requirements of actual applications, a Hierarchical Role-based Restricted Delegation Model (HRRDM) was proposed on the basis of existing work. The role tree was defined to solve the partial delegation problem, and the delegation spread tree and the role delegation chain were defined to solve the multi-step delegation problem and the problem of multi-step delegation dependency, respectively. The delegation certification was proposed to support the requirements of temporary delegation, associated role delegation, partial delegation and multi-step delegation in actual applications, and the dynamic characteristic of granting or revoking delegated roles was effectively supported. Finally, the extended execution model of HRRDM was formalized and proved, and a simulation analysis of the execution model was given to validate its effectiveness and simplicity.

Source: Journal of System Simulation (《系统仿真学报》), indexed in CAS, CSCD and the Peking University Core Journals list; 2009, Issue 3, pp. 802-808 (7 pages)

Funding: National Natural Science Foundation of China (60573127); Natural Science Foundation of Hunan Province (06JJ30032)

Keywords: information security; access control; hierarchical role; restricted delegation; delegation certification

References (7)

  • 1. Zhang L H, Ahn G-J, Chu B-T. A rule-based framework for role-based delegation [C]// Sandhu R S, Jaeger T, eds. Proc. of the 6th ACM Symp. on Access Control Models and Technologies. New York, USA: ACM Press, 2001: 153-162.
  • 2. Joshi J B D, Bertino E, Ghafoor A. Temporal hierarchy and inheritance semantics for GTRBAC [C]// Proc. of the 7th ACM Symp. on Access Control Models and Technologies. New York, USA: ACM Press, 2002: 74-83.
  • 3. Zhang X W, Oh S, Sandhu R S. PBDM: A flexible delegation model in RBAC [C]// Ferrari E, Ferraiolo D, eds. Proc. of the 8th ACM Symp. on Access Control Models and Technologies. New York, USA: ACM Press, 2003: 149-157.
  • 4. Xu Zhen, Li Lan, Feng Dengguo. Role-based restricted delegation model [J]. Journal of Software, 2005, 16(5): 970-978. (cited by: 52)
  • 5. Zhai Zhengde. A controllable delegation model based on quantified roles [J]. Chinese Journal of Computers, 2006, 29(8): 1401-1407. (cited by: 33)
  • 6. Barka E, Sandhu R. Framework for role-based delegation models [C]// Proc. of the 16th Annual Computer Security Application Conf. IEEE Computer Society Press, 2000. USA: ACM, 2000: 168-176.
  • 7. Ferraiolo D F, Sandhu R, Gavrila S. Proposed NIST standard for role-based access control [J]. ACM Transactions on Information and System Security (S1094-9224), 2001, 4(3): 224-274.

