期刊文献+

基于角色的管理模型隐式授权分析 被引量:12

Implicit Authorization Analysis of Role-Based Administrative Model
下载PDF
导出
摘要 基于角色的管理模型被用于管理大型RBAC(role-based access control)系统的授权关系,UARBAC具有可扩展、细粒度等优点.UARBAC的管理操作包含隐式授权.隐式授权分析说明UARBAC管理操作的两类缺陷,包括两个定义缺陷,即无法创建客体和虚悬引用,以及一个实施缺陷,即不支持最小授权.通过修改管理操作更正定义缺陷,提出实施缺陷的改进方案.定义实施最小授权的最小角色匹配问题,证明该问题是NP难,并给出基于贪心算法的可行方案,帮助管理员选择合适的管理操作将最小角色集合授予用户. Role-Based administrative models have been discussed for decentralized management in large RBAC (role-based access control) systems. The latest UARBAC model has significant advantages over other models. Due to hierarchy relationships, administrative operations of UARBAC implicate permissions. By analyzing implicit authorization, two flaws in definition and an implemental flaw in UARBAC are found, including being unable to create object, dangling reference and not supporting the least authorization. The paper corrects definitions of administrative operations for the former two. The least authorization in UARBAC is defined as the minimal role match problem. The paper proves the problem is NP-hard and gives a feasible algorithm based on greedy. The method will help the administrator use appropriate operations to achieve the least role assignment.
出处 《软件学报》 EI CSCD 北大核心 2009年第4期1048-1057,共10页 Journal of Software
基金 国家“十五”攻关计划No.2005BA113A02 中国科学院研究生创新资金~~
关键词 隐式授权 基于角色的管理模型 最小授权 基于角色的访问控制 implicit authorization role-based administrative model least authorization role-based access control
  • 相关文献

参考文献1

二级参考文献10

  • 1Sandhu R,Bhamidipati V,Munawer Q.The ARBAC97 model for role-based administration of roles.ACM Trans.on Information and Systems Security (TISSEC),1999,2(1):105-135.
  • 2Oh S,Sandhu R.A model for role administration using organization structure.In:Sandhu R,Bertino E,eds.Proc.of the 6th ACM Symp.on Access Control Models and Technologies (SACMAT 2002).Monterey:ACM Press,2002.155-162.
  • 3Crampton J,Loizou G.Administrative scope:A foundation for role-based administrative models.ACM Trans.on Information and System Security (TISSEC),2003,6(2):201-231.
  • 4Sandhu R,Coyne EJ,Feinstein HL,Youman CE.Role-Based access control models.IEEE Computer,1996,29(2):38-47.
  • 5Sandhu R.Rationale for the RBAC96 family of access control models.In:Youman C,Sandhu R,Coyne E,eds.Proc.of the 1st ACM Workshop on Role-Based Access Control.New York:ACM Press,1996.38-47.
  • 6Hong F,He XB,Xu ZY.Role-Based access control.Mini-micro system,2000,21(2):198-200 (in Chinese with English abstract).
  • 7Harrison MA,Ruzzo WL,Ullman JD.Protection in operation systems.Communications of the ACM,1976,19(8):461-471.
  • 8Li NH,Tripunitara MV.Security analysis in role-based access control.In:Proc.of the 9th ACM Symp.on Access Control Models and Technologies (SACMAT 2004).2004.126-135.
  • 9Li NH,Winsborough WH,Mitchell JC.Beyond proof-of-compliance:Safety and availability analysis in trust management.In:Proc.of the IEEE Symp.on Security and Privacy.Oakland:IEEE Computer Society Press,2003.123-139.
  • 10Sipser M; Zhang LA,Wang HP,Huang X,Trans.Introduction to the Theory of Computation.Beijing:China Machine Press,2000,107-109.

共引文献37

同被引文献94

引证文献12

二级引证文献15

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部