Abstract
UCON is an attribute-based, next-generation access control model, but its high level of abstraction makes it hard to apply directly in real-world systems. To address this, a UCON application model based on roles and a rule engine, called UCON-ABRR, is proposed. The model introduces role as an attribute to facilitate role-based user management, and it uses a rule engine to formulate access rules and enforce the access control policy. This not only supports the two important characteristics of UCON, attribute mutability and decision continuity, but also gives the model good operability. The model is general, and it achieved the expected access control effect when applied to a cloud storage scenario.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
PKU Core Journal (北大核心)
2013, Issue 3, pp. 831-836 (6 pages)
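Funding
Natural Science Foundation of Guangdong Province (S2011010004197)
Guangdong Province and Ministry of Education Industry-University-Research Cooperation Fund (2011B090400331, 2011B090400367)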