期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于RBAC的授权管理安全准则分析与研究 被引量:10

Security Principles for RBAC-based Authorization Management
下载PDF
导出
摘要 针对安全准则在授权管理安全性验证中具有的重要意义,提出了基于RBAC的授权管理安全准则。以保障授权管理的安全性为目标,分析了授权管理中的RBAC安全特性,深入剖析了授权管理安全需求,从数据一致性、授权无冗余、权限扩散可控、管理权限委托可控、满足职责分离和访问权限可用等方面给出了一致性准则、安全性准则和可用性准则3项授权管理安全准则。分析表明,该安全准则与现有的RBAC安全特性相一致,能够为基于RBAC授权管理的安全性提供有效支撑,为衡量其安全性提供标准和依据。 Security principles are greatly significant to security analysis of authorization management model,but they are given little attention and are open problems.This paper proposed many security principles for RBAC-based authorization model with the aim at the security of the model.The security properties of RBAC were presented,including simple safety,simple availability,bounded safety,liveness and containment.Based on deep anatomy of security requirement in authorization management,the problems including data consistency,authorization without redundancy,controllable privilege diffusing,controllable management privilege delegating,satisfaction of separation of duty and privilege availability were discussed.The proposed security principles include consistency,security and availability principles.Analysis result indicates that the security principles are consistent with the security properties of RBAC,which can support the security requirements of authorization management efficiently and provide criterions for evaluating the security of RBAC-based authorization model.
作者 熊厚仁 陈性元 张斌 杨艳
机构地区 解放军信息工程大学 河南省信息安全重点实验室
出处 《计算机科学》 CSCD 北大核心 2015年第3期117-123,共7页 Computer Science
基金 国家"863"高技术研究发展计划(2012AA012704) 国家"973"重点基础研究发展计划(2011CB311801) 河南省基础研究计划项目(142300413201) 河南省科技创新人才计划(114200510001)资助
关键词 访问控制 授权管理 基于角色的访问控制 安全准则 职责分离 互斥 Access control Authorization management Role-base access control Security principles Separation of duty Mutually exclusive
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献15

  • 1FerraioloD, KuhnDR. Role-Basedaccesscontrol[ C] // Procee- dings of the 15th National Computer Security Conference. 1992: 554-563.
  • 2Sandhu R, Coyne E, Feinstein H, et al. Role-based Access Con- trol Models[J]. IEEE Computer, 1996,29 (2) : 38-47.
  • 3Ferraiolo D, Sandhu R, Guirila S, et al. Proposed NIST Standard for Role-based Access Control[J]. ACM Transactions on Infor- mation and System Security, 2001,4 (3) : 224-274.
  • 4Munawer Q, Sandhu R S. Simulation of the augmented typed access matrix model (ATAM) using roles [C]//Proceedings of INFOSECU99 International Conference on Information and Se- curity. 1999.
  • 5CramptonJ. Authorizations and antichains[D]. Thesis, Birbeck College, University of London, UK, 2002.
  • 6Koch M, Mancini LV,Parisi-Presicce F. Decidability of safety in graph based models for access control[C] // Proceedings of the 7th European Symposiumon Research in Computer Security. 2002:229-243.
  • 7Li N H, Mitchell J C,Winsborough W H. Beyond proo:of-com- plianee:Security analysis in trust management[J] Journal of the ACM,2005,52(3) :474 514.
  • 8Li N,Tripunitara M. Security analysis in role based access con- trol[J]. ACM Transactions on Information and System Securi- ty, 2006,9(4) : 391-420.
  • 9Sasturkar A,Yang P, Stoller S D, et al. Policy analysis for ad- ministrative role based access control[C]//Proceedings of the 19th IEEE Workshop on Computer Security Foundations. Washington : IEEE Computer Society, 2006 : 124-138.
  • 10Habib M A,Abbas Q. Mutually exclusive permissions in RBAC[J]. Int, J. Internet Technology and Secured Transactions, 2012, 4(2/3) : 207-220.

二级参考文献12

  • 1杨秋伟,洪帆,杨木祥,朱贤.基于角色访问控制管理模型的安全性分析[J].软件学报,2006,17(8):1804-1810. 被引量:38
  • 2HARRISON M A, RUZZO W L,ULLMAN J D. Protection in operating systems[J]. Communications of the ACM, 1976,19 (8) :461-471.
  • 3SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role- based access control models[J]. IEEE Computer, 1996,29(2) : 38-47.
  • 4SANDHU R, BHAMIDIPATI V, MUNAWER Q. The AR- BAC97 model for role-based administration of roles[J]. ACM Transactions on Information and System Security, 1999,2 ( 1 ) : 105-135.
  • 5LI Ninghui, WINSBOROUGH W H. Beyond proof-of-compliance:safety and availability analysis in trust management[C]// Proceedings of 2003 Symposium on Security and Privacy. Washington,D. C. ,USA:IEEE,2003:123-139.
  • 6LI Ninghui, TRIPUNITARA M V. Security analysis in role- based access control[J]. ACM Transactions on Information and System Security,2006,9(4) :391-420.
  • 7SASTURKAR A, PING Yang, STOLLER S D, et al. Policy analysis for administrative role based access control[C]//Proceedings of the 19th IEEE Workshop on Computer Security Foundations. Washington, D. C. ,USA:IEEE,2006.
  • 8GHALLLAB M, NAU D, TRAVERSO P. Automated planning theory and practice[M]. San Fransiseo, Cal. ,USA:Morgan Kaufmann Publishers,2004 : 123-131.
  • 9FOX M, LONG D. PDDL 2. 1 :an extension to PDDL for expressing temporal planning domains[J]. Journal of Artificial Intelligence Research, 2003,20 : 61-124.
  • 10BLUM A L, FURST M L. Fast planning through planning graph analysis[EB/OL]. [2009-01-25]. http://dl,,iiit. ac. in/ ijcai/IJCAI-95-VOL2/PDF/080, pdf.

共引文献4

同被引文献67

引证文献10

二级引证文献15

计算机科学
2015年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部