摘要
RBAC模型通过角色的概念实现了用户和权限的分离,然而在角色继承和权限分配时可能会引发策略冲突.策略冲突可能会导致资源的非授权访问,进而影响系统的安全性.为了检测RBAC模型中的策略冲突,本文首先对策略冲突进行了分类,提出了基于着色Petri网的RBAC策略冲突检测方法,将RBAC模型转化为着色Petri网模型,利用冲突陷阱进行检测.进而设计实现了RBAC策略冲突检测原型系统CPNPCDS,说明了模型的可终结性,并在检测策略冲突的种类与运行效率上与其它经典方法做了对比.实验结果表明本方法可以有效地检测出授权冲突、职责分离冲突、用户基数冲突等三种策略冲突,并能取得较高的运行效率.
The RBAC model separates user with permission by introducing the role concept, however, the policy conflicts could occur in the process of role inheritance and permission authorization. Policy conflicts could lead to unauthorized access to resources which impacts the system security. In order to detect policy conflicts in the RBAC model, we classified the policy conflicts and proposed a conflict detection method for RBAC policies based on colored petri net which first converts RBAC model to the colored petri net mod-el then check it with the conflict traps. We implemented a prototype system named CPNPCDS, explained the model can end up in limited time and compared it with another method in conflict categories and time efficiency. The result of experiment indicated that this method could detect three kinds of policy conflicts effectively and provide a reasonable time efficiency.
出处
《小型微型计算机系统》
CSCD
北大核心
2013年第11期2487-2490,共4页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(61170295)资助
国家部委项目(A2120110006)资助
中国航空工业产学研项目
北京市教育委员会共建项目建设计划(JD100060630)资助
中央高校基础科研业务费项目(YWF-11-03-Q-001)资助