期刊文献+

基于级别的信息管理系统授权模型 被引量:3

A Rank-based Model of Authorization for Information Systems
下载PDF
导出
摘要 人们已经提出了一些授权模型 ,以保证计算机系统的信息安全。作者对授权模型提出如下一些推广。首先 ,该文的授权模型提出了一个不同的否定策略 ,称为基于级别的否定策略。该否定策略避免了原来一些授权模型或者否定权限始终超越肯定权限或者肯定权限又始终优于否定权限的不灵活性。作者对授权模型的第二个推广在于引入了连锁否定的命令 ,该命令将沿着收到否定权限用户已授与他人的相应肯定权限转授链 ,按基于级别的否定策略对转授链用户的相应肯定权限进行处理。作者在授权模型中还引入了执行动作Execute。执行动作的引入使得信息管理系统的管理员对本系统具有完整的控制权。 Many authorization models have been proposed to ensure information security of computer systems. This paper proposes some extensions to the authorization models. First, a different negative strategy, called rank based negative strategy, has been incorporated in our authorization model. This strategy avoids inflexible drawbacks of the some well known models, in which either the negative authorization takes precedence over the positive authorization or the positive authorization is dominant. The second extension concerns the introduction of the cascading negative command, which processes, according to the rank based negative strategy, the corresponding positive authorizations along the chains of users who have already been granted with those corresponding positive authorizations. Our model also introduces the execution command Execute. The incorporation of this command will invest complete control of the information system with the system administrator.
出处 《华东师范大学学报(自然科学版)》 CAS CSCD 北大核心 2000年第4期37-44,共8页 Journal of East China Normal University(Natural Science)
关键词 信息管理系统 信息安全 授权模型 否定策略 级别 否定权限 连锁否定 计算机系统 information management system information security authorization model negative strategy@
  • 相关文献

参考文献7

  • 1Sandhu R.Access control principles and practice[].IEEE Transactions on Communications.1994
  • 2Lunt T F.Secure Distributed Data Views[]..1989
  • 3Griffiths PG.An authorization mechanism for a relational database systems[].ACM Transactions on Database Systems.1976
  • 4Rabitti F.A model of authorization for next-generation database systems[].ACM Transactions on Database Systems.1991
  • 5Bertino E.An extended authorization model for relational databases[].IEEE TOKDE.1997
  • 6Gal-Oz N.A model of methods access authorization in object-oriented databases[].Proc Int’l Conf Very Large Data Bases Dublin Ireland.1993
  • 7Satyanarayanan M.Integrating security in a large distributed system[].ACM TOCS.1989

同被引文献15

  • 1梁彬,孙玉芳,石文昌,孙波.一种改进的以基于角色的访问控制实施BLP模型及其变种的方法[J].计算机学报,2004,27(5):636-644. 被引量:30
  • 2钟华,冯玉琳,姜洪安.扩充角色层次关系模型及其应用[J].软件学报,2000,11(6):779-784. 被引量:91
  • 3韩庆兰.通用MIS软件系统结构模型的探索[J].中国有色金属学报,1996,6(4):176-180. 被引量:1
  • 4王景光.数据库授权系统中安全检查模型的研究[J].微计算机应用,1996,17(5):1-6. 被引量:1
  • 5Sandhu R S, Samarati P. Access control:principle and practice [J]. Communications Magazine, IEEE, 1994,32(9):40~48.
  • 6Sandhu R S, Coyne E J, Feinstein H L, et al . Role-based access control models [J].IEEE Computer, 1996, 29(2):38~47.
  • 7Osborn S, Sandhu R, Munawer Q. Configuring role-based access control to enforce mandatory and discretionary access control policies[J]. ACM Transactions on Information and System Security, 2000, 3(2):85~106.
  • 8Steinmuller B, Safarik J. Extending role-based access control model with states [A]. Proc. of the International Conference on Trends in Communications[C]. Bratislava:INSPEC, 2001, 2:398~399.
  • 9Gavrila S, Barkley J. Formal specification for role based access control user/Role and role/role relationship management[A]. Proc. of the Third ACM Workshop on Role-Based Access Control [C]. Virginia:ACM Press, 1998.81~90.
  • 10Ferraiolo D F, Cugini J, Kuhn D R. Role based access control:features and motivations[A]. Proc. of 11th Annual Conference on Computer Security Applications[C]. Los Alamitos:IEEE Computer Society Press, 1995. 241~248.

引证文献3

二级引证文献6

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部