摘要
针对现有方法对权限传播深度控制不灵活的问题,引入私有化阈值的概念,提出了基于私有化阈值的权限继承方法,并给出了一个静态职责分离约束检测算法。将权限的传播深度定义为权限传播值与私有化阈值之差,在确保不违背静态职责分离约束的前提下,通过调整私有化阈值控制权限的传播深度,避免了调整传播值所需的大量计算,实现了对权限传播深度的灵活控制。检测算法通过分析静态职责分离约束权限集与用户权限集的关系,将需要考虑的用户数降至最少,其时间复杂度比逐一验证法低多个数量级。
To improve the flexibility of controlling the depth of permission inheritance,the concept of threshold of privatization was introduced and a method based on it was proposed.Because the depth was defined as the difference between inheritance value and threshold of privatization,it could be changed by adjusting the threshold of privatization,with the precondition that the adjustment would not violate the static separation of duty.An algorithm was given to detect whether the adjustment would violate the static separation of duty.Through analyzing the relationship between permissions of static separation of duty and user's permissions,the algorithm minimized the number of users that need to be considered.Consequently,the time complexity of this algorithm is much lower than the one considering all users.
出处
《计算机应用》
CSCD
北大核心
2010年第5期1230-1232,1235,共4页
journal of Computer Applications
关键词
基于角色的访问控制
私有权限
私有化阈值
静态职责分离
约束检测
Role-Based Access Control (RBAC)
private permission
privatization threshold
static duty separation
constraint detection
