基于角色上下文的强制访问控制的RBAC实现

Realization of role context-based mandatory access control

通过对Sandhu方法和一种考虑角色上下文的基于角色的访问控制(RBAC)构造方法研究,针对Sandhu方法中没有考虑上下文和考虑角色上下文的构造方法中存在的权限扩散、不支持最小权限和职责分离等问题,给出了一种改进的考虑角色上下文的RBAC构造方法。该构造方法能够较好地解决考虑角色上下文的RBAC构造方法中存在的问题,并且重新定义角色上下文,使得新构造方法与实际应用更加相符,并给出新构造方法的正确性的简要证明。

The existing Sandhu method and one Role-Based Access Control（RBAC） construction method considering the role context and simulating Mandatory Access Control（MAC） were analyzed. For the problems of Sandhu method not considering via the role context and of later method existing privilege diffusion and lacking the ability of supporting least privilege and separation of duties, this study proposed an advanced method of reconstructing the role-based access control model with role context considered. The structure of the proposed construction provided a better solution for problems existing in the considering role context RBAC construction method, and re-defined the role context to make the method more suitable for the practical application. A brief theoretical analysis of the new construction was given in the end.