摘要
随着云计算的出现,物联网时代的到来,传统单一的访问控制模型已经难以适用.基于角色的访问控制(RBAC)和基于属性的访问控制(ABAC)是近些年最为流行的访问控制模型.但是,针对大规模环境,RBAC与ABAC都存在已知的局限性.然而,它们能提供彼此互补的特征.因此,RBAC与ABAC的整合工作渐渐成为了近些年研究的热点领域.本文根据属性与角色结合方式的不同,将已有的结合属性与角色的访问控制模型归类为动态角色、以属性为中心和以角色为中心三种,目的在于总结和分析现有的这些方法,并且基于安全需求对这些方法进行比较,为优化结合属性与角色的访问控制模型提供新的思路.
With the advent of Cloud Computing and Internet of Things,the traditional single access control model has been difficult to apply.Role-based access control (RBAC) and Attribute-based access control (ABAC) are the most prominent access control models in recent years.RBAC and ABAC have known limitations for large-scale environments,while providing complementary features each other.Therefore,the integration of RBAC and ABAC has gradually become a hot topic recently.In this paper,according to the combination of attributes and roles,the existing access control models combined attribute with role are classified into dynamic roles,attribute-centric and role-centric.The purpose is to summarize and analyze the existing methods,compare these methods based on security requirements,and provide new ideas for optimizing the access control model combined attribute with role.
作者
周超
任志宇
ZHOU Chao, REN Zhi-yu(1 The PLA Information Engineering University, Zhengzhou 450001, China ;2State Key Laboratory of Mathematical Engineering & Advanced Computing,Zhengzhou 450001 ,Chin)
出处
《小型微型计算机系统》
CSCD
北大核心
2018年第4期782-786,共5页
Journal of Chinese Computer Systems
基金
国家"八六三"高技术研究发展计划项目(SQ2015AA011705)资助
关键词
访问控制
属性
角色
动态
细粒度
access control
attribute
role
dynamic
fine-grained
