摘要
人们已经提出了一些授权模型 ,以保证计算机系统的信息安全。作者对授权模型提出如下一些推广。首先 ,该文的授权模型提出了一个不同的否定策略 ,称为基于级别的否定策略。该否定策略避免了原来一些授权模型或者否定权限始终超越肯定权限或者肯定权限又始终优于否定权限的不灵活性。作者对授权模型的第二个推广在于引入了连锁否定的命令 ,该命令将沿着收到否定权限用户已授与他人的相应肯定权限转授链 ,按基于级别的否定策略对转授链用户的相应肯定权限进行处理。作者在授权模型中还引入了执行动作Execute。执行动作的引入使得信息管理系统的管理员对本系统具有完整的控制权。
Many authorization models have been proposed to ensure information security of computer systems. This paper proposes some extensions to the authorization models. First, a different negative strategy, called rank based negative strategy, has been incorporated in our authorization model. This strategy avoids inflexible drawbacks of the some well known models, in which either the negative authorization takes precedence over the positive authorization or the positive authorization is dominant. The second extension concerns the introduction of the cascading negative command, which processes, according to the rank based negative strategy, the corresponding positive authorizations along the chains of users who have already been granted with those corresponding positive authorizations. Our model also introduces the execution command Execute. The incorporation of this command will invest complete control of the information system with the system administrator.
出处
《华东师范大学学报(自然科学版)》
CAS
CSCD
北大核心
2000年第4期37-44,共8页
Journal of East China Normal University(Natural Science)