Abstract
To resolve the problems found in traditional access control models, this paper analyzes those problems and proposes an improved model, the multi-granularity dynamic access control model based on tasks and roles (MG-TRBAC). A supervision mechanism concept is added on top of the TRBAC model: roles and tasks are subject to constraint management and are dynamically associated, which improves the rigor, security, and proactiveness of access control. To make multi-granularity access authorization more flexible, the authorization process is decomposed into three levels (page, function, and data), and a new data access strategy module is added and associated with data-level authorization. The implementation of the model in a project shows that it can effectively meet the project's access control needs, which demonstrates the feasibility of the model.
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal (北大核心)
2016, Issue 2, pp. 349-353, 395 (6 pages in total)
Funding
Special Fund for Scientific Research in the Health Industry (201302010)
Keywords
based on roles and tasks
access control
multi-granularity
data access strategy
dynamic authorization