
Enforcement of Spatial Separation of Duty

Cited by: 1
Abstract: RBAC models that support spatial characteristics describe a variety of spatial constraints. These constraints not only express the fine-grained spatial semantics of location-aware systems but also add spatial security description capability to the model. Whether spatial constraints can be enforced accurately directly affects the functionality and overhead of the application system. This paper studies two enforcement strategies for spatial separation of duty (SSoD) constraints: (1) direct enforcement and (2) indirect enforcement. It proves that direct enforcement is an NP-complete problem, whereas indirectly enforcing SSoD through mutually exclusive spatial role (MESR) constraints is efficient. Multiple MESR constraints can enforce the same SSoD; a comparison shows that using minimal MESR constraints as the enforcement mechanism effectively avoids redundant constraints and enforces the SSoD precisely. To obtain minimal MESR constraints, the paper gives the GEN-MESR algorithm.

An RBAC model with spatial characteristics allows expressing various role-based constraints with spatial characteristics, which not only specify fine-grained spatial semantics that are typical in location-aware systems but also strengthen the security capability. In this paper, we study enforcement of spatial Separation of Duty (SSoD) constraints. We show that directly enforcing SSoD constraints is intractable (coNP-complete), while checking whether a system state satisfies a set of Mutually Exclusive Spatial Role (MESR) constraints is efficient. So MESR constraints are used to enforce SSoD constraints. There are often multiple MESR constraints that can enforce the same SSoD. Although the different MESR constraints can enforce the same effect on the same session, we have found that different MESR constraints vary greatly in enforcement efficiency. The more precisely the MESR sets are defined for enforcing an SSoD constraint, the less overhead the system suffers. By comparing the different MESR constraints that can enforce the same SSoD, we conclude that minimal MESR constraints can avoid redundant restrictiveness effectively and enforce the SSoD policy precisely. We also present an algorithm that generates all minimal MESR constraints that are precise for enforcing one SSoD policy.
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core Journal, 2009, No. 12, pp. 2348-2355 (8 pages)
Funding: Supported by the National Natural Science Foundation of China (60603041) and the Natural Science Foundation of Jiangsu Province (BK206073)
Keywords: spatial constraints; enforcement strategy; spatial separation of duty constraints; mutually exclusive spatial role constraints; RBAC