摘要
为了解决多级环境中敏感资源的安全性问题,提出了多级环境下基于角色和本体的访问控制方法。通过使用本体等语义技术,构造了一个结合基于角色的访问控制和Bell-LaPadula(BLP)模型的访问控制模型。根据角色的继承关系推导用户及资源之间安全级别的高低关系,在为角色指派权限时按照BLP模型进行授权的限制。实验表明,该方法在保证多级安全特性的前提下实现了用户权限的自动分配,消除了角色权限继承带来的安全隐患,为多级环境下的访问控制提供了一种新的思路。
To address the problem of protecting key resources in multilevel environment, a role and ontology based access con trol method is proposed. A model which combines the Role Based Access Control (RBAC) model and the BellLaPadula (BLP) model is constructed by exploiting semantic technology. Based on the role hierarchy, relationship between users and resources can be inferred. When a privilege is granted to some role, security properties of the BLP model should be met. The method is proved to be effective to automatically assign privilege to different roles and guarantee multilevel security at the same time, secu rity risks caused by privilege inheritance is diminished. The study offered a new method to solve access control problems in multi level environment.
出处
《计算机工程与设计》
CSCD
北大核心
2013年第2期458-463,共6页
Computer Engineering and Design
基金
核高基国家科技重大专项基金项目(2010ZX01041-001-001-002)
关键词
多级
本体
访问控制
角色
语义
multi-level
ontology
access control
RBAC
semantic
