期刊文献+

基于资源的RBAC模型的研究与分析 被引量:6

Research and Analysis of Role-Based Access Control Based on Resource
下载PDF
导出
摘要 基于角色的访问控制是目前应用得较为广泛的一种访问控制技术,在基于角色的访问控制策略中,最关键的技术就是角色的定义和用户的授权;对于角色的定义,在实际应用中,一般根据企业中已有的工作职能来进行;对于用户的授权,以ARBAC97模型为基础,提出了基于资源的RBAC模型——RRBAC,将企业机构资源和系统菜单资源分层次赋给角色,以简化角色的授权管理;经分析,该模型有利于角色的划分,实现了更细粒度的访问控制,优化了基于角色的访问控制。 Role-based access control is a kind of access control technology that widely used today. The key technologies in RBAC policy are defining roles and assigning permissions to users. In our application, defining roles often relies on the job functions in company. For assigning permissions to users, analyzed the ARBAC97 model, and then proposed a new access control model -RRBAC, which is based on resource. RRBAC authorizes all of the system and organization resources hierarchically to users, in order to simplify the permission-role assignment. As analyzing, the new model is beneficial to design roles, implement thinner control capabilities of access, and optimize the RBAC.
出处 《计算机测量与控制》 CSCD 2008年第2期231-232,238,共3页 Computer Measurement &Control
基金 国家自然科学基金资助项目(60173041)
关键词 RBAC ARBAC97 访问控制 权限分配 角色 RBAC ARBAC97 access control permission assignment role
  • 相关文献

参考文献5

  • 1杨秋伟,洪帆,杨木祥,朱贤.基于角色访问控制管理模型的安全性分析[J].软件学报,2006,17(8):1804-1810. 被引量:38
  • 2Sandhu R, Bhamidipati V, Munawer Q. The ARBAC97 model for role -based administration of roles [ J]. ACM Transactions on Information and System Security, 1999, 2 (1): 105-135.
  • 3Oh S, Sandhu R, Zhang X W. An effective Role Administration Model Using Organization Structure [ J ]. ACM Transactions on Information and System Security, 2006, 9 (2) : 113 - 137.
  • 4Park J S, Sandhu R, Ahn G J. Role - based access control on the Web [J]. ACM Transaction on Information and System Security, 2001, 4 (1): 37-71.
  • 5Li N H, Tripunitara M V. Security analysis in role - based access control [ J]. ACM Transaction on Information and System Security, 2006, 9 (4): 391-420.

二级参考文献10

  • 1Sandhu R,Bhamidipati V,Munawer Q.The ARBAC97 model for role-based administration of roles.ACM Trans.on Information and Systems Security (TISSEC),1999,2(1):105-135.
  • 2Oh S,Sandhu R.A model for role administration using organization structure.In:Sandhu R,Bertino E,eds.Proc.of the 6th ACM Symp.on Access Control Models and Technologies (SACMAT 2002).Monterey:ACM Press,2002.155-162.
  • 3Crampton J,Loizou G.Administrative scope:A foundation for role-based administrative models.ACM Trans.on Information and System Security (TISSEC),2003,6(2):201-231.
  • 4Sandhu R,Coyne EJ,Feinstein HL,Youman CE.Role-Based access control models.IEEE Computer,1996,29(2):38-47.
  • 5Sandhu R.Rationale for the RBAC96 family of access control models.In:Youman C,Sandhu R,Coyne E,eds.Proc.of the 1st ACM Workshop on Role-Based Access Control.New York:ACM Press,1996.38-47.
  • 6Hong F,He XB,Xu ZY.Role-Based access control.Mini-micro system,2000,21(2):198-200 (in Chinese with English abstract).
  • 7Harrison MA,Ruzzo WL,Ullman JD.Protection in operation systems.Communications of the ACM,1976,19(8):461-471.
  • 8Li NH,Tripunitara MV.Security analysis in role-based access control.In:Proc.of the 9th ACM Symp.on Access Control Models and Technologies (SACMAT 2004).2004.126-135.
  • 9Li NH,Winsborough WH,Mitchell JC.Beyond proof-of-compliance:Safety and availability analysis in trust management.In:Proc.of the IEEE Symp.on Security and Privacy.Oakland:IEEE Computer Society Press,2003.123-139.
  • 10Sipser M; Zhang LA,Wang HP,Huang X,Trans.Introduction to the Theory of Computation.Beijing:China Machine Press,2000,107-109.

共引文献37

同被引文献43

引证文献6

二级引证文献8

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部