Scalable Access Control Model Based on Double-tier Role and Organization (cited by: 10)

Abstract (translated from the Chinese): To address the problems in existing Role-Based Access Control (RBAC) research, namely the poor adaptability caused by a single kind of role, redundant roles or permissions in multi-domain environments, and insufficient attention to resource management, this paper proposes an access control model based on double-tier roles and organizations that supports resource management. By partitioning roles into two tiers, a double-tier role architecture of function roles and task roles is presented, which makes the model closer to practice and more adaptable. The concept of organization is introduced and combined with the double-tier roles, the concepts of role and permission are extended, the proposed access control model based on double-tier role and organization is defined formally, and the separation-of-duty and cardinality constraints that affect the model's security are described. The expressive power and complexity of the model are analysed; the analysis shows that the mechanism not only retains the characteristics and advantages of RBAC, but also has lower complexity than RBAC and is better suited to distributed multi-domain environments composed of multiple similar organizations.

Abstract (English, as published): For tackling the deficiencies of weak adaptability due to the singleness of the role establishment method, role or privilege redundancy, and little attention on resource management in existing Role-Based Access Control (RBAC) research, a Scalable Access Control model Based on Double-Tier Role and Organization (SDTR-OBAC) is proposed. Through double role partition, a double-tier role architecture of function role and task role is presented, solving the problem that the traditional role cannot cover the requirements of both the organizational level and the application level at the same time. The concept of organization is introduced to integrate with the double-tier role and form an organization-role pair assigned to users instead of a role only as in RBAC, making the model suitable for cross-domain access as well as a single domain. Through extending privileges to an operation and resource type pair, the model and its constraints, including separation of duty and cardinality constraints, are defined formally. The discussion of expressive power and complexity indicates that SDTR-OBAC retains all the advantages of RBAC, and can effectively reduce the administration complexity with better scalability and universality.
Source: Journal of Electronics & Information Technology (电子与信息学报), 2015, No. 7, pp. 1612-1619 (8 pages). Indexed in EI, CSCD and the Peking University Core Journals list.
Funding: National 863 Program project (2012AA012704); 2014 Henan Province Basic Research Program project (142300413201).
Keywords: Network information security; Role-Based Access Control (RBAC); Double-tier role; Organization; Role inheritance; Separation of duty