摘要
大型网络应用如疫情报告系统需要访问控制系统根据环境变化调整访问控制策略,而现有的访问控制模型缺乏灵活性,难以适应环境动态变化的需要.通过对RBAC模型进行扩展,提出了一个环境适应的基于角色的访问控制模型EA-RBAC.该模型相对于传统RBAC模型,增加了事件触发、基于事件的状态等价类迁移、环境角色和虚拟域等机制.通过事件触发机制和状态等价类迁移实现了系统对环境变化的感知和随环境变化的状态迁移.通过环境角色和虚拟域的概念,实现了环境角色的动态调整和用户授权的按状态调整.该模型能够根据环境变化,在不失安全性的前提下为大型网络应用灵活实施访问控制策略.作为示例,给出了模型在疫情报告系统中的适用性分析.
Large scale network-based applications,such as infectious diseases reporting system,require that access control policy can be changed according to environment alternation.However,existing access control models are inflexible and can not be adapted to environment alternation because they are lack of mechanisms to capture environment alternation and to change access control policy.In this paper,we analyze the access control requirements of infectious diseases reporting system.Based on the analysis,we extract the general access control requirements of large scale network-based applications.Through extending RBAC model,we design the components of the environment-adaptive role-based access control model called EA-RBAC and give the formal definition of the model.Compared with traditional RBAC models,EA-RBAC model adds event-trigger,event-based equivalent states transition,environment role and virtual domain mechanisms.Through event-trigger and equivalent states transition,the system can perceive environment alternation and transit state based on environment alternation.Through environment role and virtual domains,the system can dynamically adjust environment role and user authorization based on current state.EA-RBAC model can enforce flexible access control policy for large scale network-based applications while holds security.Also,as an example,this paper gives the applicability analysis of EA-RBAC model in infectious disease reporting system.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2011年第6期983-990,共8页
Journal of Computer Research and Development
基金
国家自然科学基金项目(90818012)
国家“八六三”高技术研究发展计划基金重点项目(2007AA010601)
中国科学院重要方向项目(KGCX2-YW-125)
关键词
访问控制
环境适应
RBAC
环境角色
虚拟域
access control
environment-adaptive
RBAC
environment role
virtual domain
