摘要
访问控制模型为系统的信息安全提供了一个理论框架,其目的是保护系统资源不被非法用户盗用,防止合法用户对受保护信息进行非法使用。然而,现有的访问控制模型大部分属于静态授权模型,不能方便地描述大规模、异构的分布式网络系统中授权过程的动态变化。为了解决上述不足,在充分研究流演算理论的基础上,提出了一个基于流演算理论的访问控制模型(FCDAC)。FCDAC将动态世界中的所有授权过程都看作是动作的结果,通过动作来实现状态的变化,并且在系统中只需描述动作的前提条件公理和状态更新公理就可容易地实现权限的变化。最后,通过一个教务管理实例验证上述理论,结果表明FCDAC是可行的。
Access control model provides a theory frame for information security of system,whose purpose is to protect system resources not to be embezzled by unauthorized users and prevent legal users from illegally using the protected information.However,most of the existing access control models belong to static authorization models,which cannot easily describe the dynamic changes of the authorization process in large-scale,heterogeneous distributed network system.In order to solve the problems above,a dynamic access control model based on fluent calculus theory(FCDAC)is proposed after thoroughly studying the fluent calculus theory.FCDAC will regard all the granting process as the result of actions and implement the changes of states through actions in the dynamic world,which easily realizes the permission changes by describing the precondition axioms and state update axioms.Finally,an educational management example is applied to validate the proposed theory and the results prove its efficiency.
出处
《计算机工程与科学》
CSCD
北大核心
2015年第3期517-523,共7页
Computer Engineering & Science
基金
江苏省自然科学基金资助项目(BK2010280)
南通大学自然科学基金资助项目(03041163)
关键词
访问控制
动态访问控制模型
流演算
access control
dynamical access control model
fluent calculus
