期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

授权管理中的权限衍生计算方法 被引量:2

Calculation approach of privilege deduction in authorization management
下载PDF
导出
摘要 权限之间的衍生关系简化了授权管理,同时也增加了权限判决的难度,准确、高效地计算权限衍生对授权和访问控制具有重要意义。在给出基于资源和操作层次的权限衍生规则基础上,针对授权管理中权限查询较频繁而权限更新较少的特点,设计了一种新的基于可达矩阵的权限衍生计算方法,并研究了权限衍生关系动态调整的算法步骤。仿真实验表明,当权限的数量较大时,该新方法比基于权限衍生规则的直接计算方法具有较高的计算效率。 Privilege deduction relation makes the authorization management easier,and at the same time it also causes the calculation of valid privileges more difficult.Therefore,it is important for authorization and access control to calculate deduction relations between privileges correctly and efficiently.Based on the resource hierarchy and operation hierarchy,the rule of privilege deduction was given in this paper.According to the fact that privilege query happens more frequently than privilege update,a new method of calculating deduction relations based on reachability matrix of privilege deduction was proposed.The experimental results show that the new method is more efficient than the way calculating deduction relations directly.
作者 王婷 陈性元 任志宇
机构地区 信息工程大学电子技术学院
出处 《计算机应用》 CSCD 北大核心 2011年第5期1291-1294,共4页 journal of Computer Applications
基金 国家863计划项目(2006AA01Z4572009AA01Z438)
关键词 权限衍生 授权管理 访问控制 可达矩阵 privilege deduction authorization management access control reachability matrix
分类号 TP309.2 [自动化与计算机技术—计算机系统结构] TP393.01 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献3

二级参考文献20

  • 1李南妮,张璟,李军怀.一种基于树型结构的B/S系统权限控制方法[J].计算机应用研究,2005,22(10):128-130. 被引量:17
  • 2司炜,曾广周,盛琦,李英俊.RBAC模型的细粒度扩充及应用[J].计算机科学,2006,33(4):277-280. 被引量:7
  • 3杨秋伟,洪帆,杨木祥,朱贤.基于角色访问控制管理模型的安全性分析[J].软件学报,2006,17(8):1804-1810. 被引量:38
  • 4Sandhu R S, Coyne E J. Role-based Access Control Models. IEEE Computer, 1996,29 (2) :38 - 47.
  • 5Fenaiolo D,Cugini J, Kuhn D R. Role based Access Control: Features and Motivations[ C ]//Annual Computer Security Applications Conference, IEEE Computer Society Press, 1995.
  • 6王婷,陈性元,张斌,夏春涛.面向ASP页面资源的细粒度访问控制方法研究[J].微电子学与计算机,2007,24(8):186-189. 被引量:2
  • 7Ji QG, Qing SH, He YP. A new formal model for privilege control with supporting POSIX capability mechanism. Science in China (Series E), 2004,34(6):683-700 (in Chinese with English abstract)..
  • 8Saltzer JH, Schroeder MD. The protection of information in computer systems. In: Trew JR, Calder J, eds, Proc, of the IEEE, Vol.63, New York: IEEE, Inc,, 1975, 1278-1308.
  • 9Schneider FB. Least privilege and more. IEEE Security& Privacy, 2003,I(5):55-59.
  • 10Portable Applications Standards Committee of the IEEE Computer Society. Standards Project, Draft Standard for Information Technology-Portable Operating System Interface (POSIX), PSSG Draft 17. New York: IEEE, Inc., 1997.

共引文献17

同被引文献17

  • 1鲁剑峰.访问控制策略的安全与效用优化方法研究[D].武汉:华中科技大学,2010.
  • 2MAX P, LI R X, LU Z D, et al. Specifying and enforcing the princi- ple of least privilege in role-based access control[ J]. Concurrency and Computation: Practice and Experience, 2011, 23 (12) : 1313 - 1331.
  • 3FU Z H, MALIK S. On solving the partial MAX-SAT problem[ C]// SAT 2006: Proceedings of the 9th International Conference on the Theory and Application of Satisfiability Testing. Seattle: IEEE Press, 2006:252 -265.
  • 4LI N H, TRIPUNITARA M V, BIZRI Z. On mutually-exclusive roles and separation of duty[ J]. ACM Transactions on Information and System Security, 2007, 10(2) : 42 - 51.
  • 5ZHANG Y, JOSHI J B D. UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and con- straints[ C] // Proceedings of the 13th ACM Symposium on Aceess Control Models and Technologies. New York: ACM Press, 2008:83 -92.
  • 6WICKRAMAARACHCHI G T, QARDAJI W H, LI N H. An effi- cient framework for user authorization queries in RBAC systems [ C]/,/Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. New York: ACM Press, 2009:23 -32.
  • 7ARGELICH J, CABISCOL A, LYNCE I, et al. Regular encodings from MAX-CSP into partial MAX-SAT[ C]// Proceedings of the 39th Intemational Symposium on Multiple-Valued Logics. Piscat- away: IEEE Press, 2009:196 - 202.
  • 8KOSHIMURA M, ZHANG T, FUJITA H, et al. QMaxSAT: a par- tial MAX-SAT solver[ J]. Journal on Satisfiability, Boolean Modeling and Computation, 2012, 8(2) : 95 - 100.
  • 9ZHANG YUE,JOSHI J B D.Uaq:a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints[C]//Proceedings of the 13th ACM Symposium on Access Control Models and Technologies.New York:ACM Press,2008:83-92.
  • 10Zhang Dana, Ramamohanarao K, Ebringer T.Role engineering using graph optimisation[C]//Proc, of the 12th ACM Symposium on Access Control Models and Techpologies.Sophia Antipolis:ACM Press,2007: 139-144.

引证文献2

计算机应用
2011年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部