
Interface Design of a PMI Authorization Management System (cited by: 1)

Connection Design of Authorization Management System Based on PMI
Abstract: Privilege Management Infrastructure (PMI) is currently a feasible approach to large-scale network security problems, but PMI applications in China are only just getting started. This paper introduces a PMI-based authorization management system, presents its architecture, and discusses in detail the interface design for its authorization management, providing a reference example for PMI applications. The system uses PMI/PKI technology, an LDAP database and the RBAC model, among others, to implement access control over information resources. By separating the access control mechanism from the development and management of specific application systems, it shields the complexity of the security technology, so that the access control mechanism and application systems can be combined and used flexibly and conveniently.
Author: Zhou Yanping (周彦萍)
Source: Computer Technology and Development (《计算机技术与发展》), 2010, No. 3, pp. 167-171 (5 pages)
Funding: Hebei Province Fiscal Plan Project (08926)
Keywords: PKI/PMI; privilege management; RBAC access control model; connection design

