
Cross-domain authorization management model based on two-tier role mapping (cited by: 4)
Abstract: To address the single method of role establishment in traditional cross-domain authorization management models, and problems such as implicit promotion of privilege and separation-of-duties conflicts, a cross-domain authorization management model based on a two-tier role structure is proposed. Setting up two tiers of roles within a management domain makes role establishment and management better match practical needs. Unidirectional role mapping eliminates role mapping loops. Introducing dynamic factors such as attributes and conditions enables dynamic adjustment of permissions. Dynamic description logic is used to formalize the concepts, relations and management actions of the model. Security analysis of the model shows that it satisfies the principles of autonomy and security.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2013, No. 9, pp. 2511-2515 (5 pages)
Funding: National 973 Program project (2011CB311801); Henan Province Science and Technology Innovation Talent Program project (114200510001)
Keywords: information security; multi-domain secure interoperation; cross-domain role mapping; authorization management model; dynamic description logic