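Abstract
In RBAC, Separation of Duty (SoD) constrains user-role authorization in order to protect sensitive information. SoD constraints are generally defined by mutually exclusive roles (MER). By integrating the workflows of enterprise processes into the RBAC framework, this paper proposes practical computational methods for analyzing SoD. It presents an algorithm for generating MER and a verification algorithm for checking whether a configured set of RBAC rules satisfies the SoD constraints. The paper discusses the approach in detail and illustrates it with an example.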
In RBAC, Separation of Duty (SoD) constrains user-role authorization to protect sensitive information from fraud arising from conflicts of interest. SoD constraints are commonly defined by mutually exclusive roles (MER). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. It presents an algorithm for generating MER and a verification algorithm to check whether a given RBAC state satisfies the SoD constraints. The paper discusses the details of the approach and illustrates its use in an application.
Source
《微计算机信息》
2009, Issue 30, pp. 62-63, 12 (3 pages in total)
Control & Automation