Abstract
A security model is both the core of a trusted information system and an important area of trusted computing research. Based on an in-depth study of role-based access control (RBAC) and security operating system standards, we propose the concept of the homonymous role, which extends the control scope of a role in RBAC. Homonymous roles make it easier to flexibly balance the trade-off between control granularity and storage space requirements, and to enforce fine-grained access control. Following the idea of the homonymous role, we also give discretionary access control (DAC) systems the capability of a homonymous control domain. Finally, we design and implement the homonymous control domain in the FreeBSD operating system, improving the flexibility of access control.
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
Indexed in: CSCD, Peking University Core Journals (北大核心)
2007, Issue 8, pp. 1402-1406 (5 pages)
Funding
Supported by the National Natural Science Foundation of China (60373088)