摘要
在分析多域交互主要特性的基础上,提出了一种多安全域下的动态使用控制模型(DAB-UCON)。该模型以下一代访问控制UCONABC核心模型为基础,将属性、授权(A)、义务(B)、条件(C)等各个组件作为一个动态实体进行扩展。提出一种属性分类方法,即按照属性定义时间和应用范围分别进行模型描述。最后对模型进行讨论,引入属性谓词等来满足动态多域交互条件下的系统需求。扩展后的模型有助于访问控制中动态的策略构建和授权。
On the basis of analyzing multiple domain interaction, we proposed a dynamic attribute based multiple domain usage control model. The model DAB-UCON is based on the next generation access control model UCONABC, and extends the dynamic characteristics of the UCONAnc components of authorization, obligation and conditions. Then we classified dynamic attributes according to the time of definition and the scope applied, which facilitate modeling each component as a dynamic entity. At last we discussed the extended model by formalizing,and introduced new predicates to accommodate requirements of multi-domain dynamic interaction, which will be useful for dynamic policy constructing and authorization in access control.
出处
《计算机科学》
CSCD
北大核心
2009年第12期73-75,80,共4页
Computer Science
基金
国家高技术研究发展计划(八六三计划)基金资助项目(2006AA10Z409)
河南省基础与前沿技术研究计划(082300410150)资助
关键词
访问控制
动态属性
多安全域
使用控制
Access control, Dynamic attribute, Multiple domain, Usage control