摘要
提出了一种综合的访问控制(HAC)策略,它继承和汲取了几种主流的访问控制技术的优点,有效地解决了信息安全领域的访问控制问题和有效地保护数据的保密性和完整性,保证授权主体能访问客体和拒绝非授权访问。HAC具有良好的灵活性、可维护性、可管理性、更细粒度的访问控制性和更高的安全性,给信息系统设计人员和开发人员提供了访问控制安全功能的解决方案。举例说明了HAC在信息安全中的应用,结果表明HAC是实用的、有效的。
A hybrid access control (HAC) policy is presented which takes advantage ofthe popular access control technologies, which can solve the problem of the access control in the information security, protect the data confidentiality and integrity and ensure authorized access and deny unauthorized access. HAC is smart, maintainable and manageable, and has finer-grain access control and higher security. Also a solution is provided to access control for the information system designers and developers. An example of HAC application to information security is taken, which proves that HAC is practical and effective.
出处
《计算机工程与设计》
CSCD
北大核心
2009年第15期3514-3516,共3页
Computer Engineering and Design
关键词
访问控制
信息安全
应用安全
安全防护
保密性
完整性
access control
information security
application security
security protection
confidentiality
integrity
