Abstract
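1 Introduction. In recent years, as the security of computer information systems has become increasingly important, research on data access control policies has become one of the hot topics in the field of information systems. At present there are three main kinds of access control: discretionary access control (DAC, Discretionary Access Control), mandatory access control (MAC, Mandatory Access Control) and role-based access control (RBAC, Role-Based Access Control) [1~4].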
RBAC (Role-Based Access Control) is currently the most widely acknowledged and most promising access control policy, and has become one of the hot research topics in the information field. In traditional RBAC, role grant management is performed only by the system (or security) administrator, and it is static. Under some special circumstances, such as medical emergency treatment and fire protection, current RBAC models have a serious problem: when the system administrator or the required role is absent, the other roles in the system have no way to legally obtain a qualification to temporarily take the place of the absent role. In this paper, an RBAC dynamic delegating grant (RBAC-DDG) mechanism is introduced, and new role-role relations, the novel grant model RBAC-DDG, and its dynamic grant protocol are proposed. The above problem can be addressed better using this model. On the basis of an abstracted medical emergency system, the application scope of RBAC-DDG is discussed, and some problems on RBAC-DDG to be studied further are also given.
Source
《计算机科学》
CSCD
Peking University Core Journal
2002, Issue 2, pp. 66-68 (3 pages)
Computer Science