General Inter-Domain Dynamic Authorization Management Model Based on Action Capability
Abstract: Combining the respective strengths of role-based access control (RBAC) and attribute-based access control (ABAC), and building on the basic principles of granular logic, this paper presents a general inter-domain dynamic authorization management model based on action capability (GiDAAMM). Based on a correlation analysis of the sub-granule factors that make up the action capability granule (role definition, post requirements, time constraints, action determination, trusted environment, and others), it discusses the hierarchy of action capability and its permission assignment patterns, gives the model's action capability constraint rules, authorization rules, and policy relations, and completes the formal description of the model together with proofs of the related security theorems. GiDAAMM is also analyzed in comparison with other related authorization management models. The model refines access control granularity, optimizes authorization policy management, improves the practicality of the system, and extends the application area of the security model; it also provides thorough system protection and effectively reduces threat risk.

Source: Journal of Information Engineering University, 2010, No. 6, pp. 641-646 (6 pages)

Funding: National 863 Program of China (2008AA01Z404)

Keywords: action capability; access control; granular logic; GiDAAMM model