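Abstract
This article analyzes and compares the support for role-based access control (RBAC) features in three secure operating systems: the Trusted Solaris 8 Operating Environment, Security-Enhanced Linux (SELinux), and the RedFlag Secure Operating System (RFSOS). The RBAC features are summarized here under three points: the association between users and roles, support for hierarchy and constraint relationships between roles, and assignable privileges. Although all three systems support the basic features of RBAC, their implementation methods differ. Trusted Solaris allows a user to have only one active role, while SELinux and RFSOS support multiple active roles for a user. All three implement hierarchical relationships between roles. Trusted Solaris and SELinux support only dynamic conflict relationships between roles; only RFSOS supports both static and dynamic conflicts between roles.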
This paper analyzes and compares Role-Based Access Control (RBAC) features supported in three secure operating systems: Trusted Solaris 8 Operating Environment, Security-Enhanced Linux and RedFlag Secure Operating System. We categorize RBAC features under three broad areas: user role assignment, support for role relationships and constraints, and assignable privileges. Our finding is that these products provide a sound basis for implementing the basic features of RBAC, although there are significant differences. In particular, Trusted Solaris restricts users to a single active role at any time, while SELinux and RFSOS allow multiple roles to be activated simultaneously as the user's selection. All three provide support for role hierarchies. Trusted Solaris and SELinux support dynamic separation of duties, while RFSOS is the only one to support both static and dynamic separation of duties.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal
2004, Issue 4, pp. 41-44 (4 pages)
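Funding
National Natural Science Foundation of China (No. 60073022)
National 863 High-Tech Research and Development Program (No. 863-306-ZD12-14-2)
Knowledge Innovation Program of the Chinese Academy of Sciences (No. KGCX1-09)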
Keywords
Role-based access control
Secure operating system
Static conflict
Dynamic conflict
Role-Based Access Control (RBAC), Secure Operating System, Static separation, Dynamic separation