摘要
阐述了RBAC96模型在实际应用中存在授权、访问规则、细粒度访问控制等方面的不足,分析了基于角色对用户和角色混合授权的ERBAC模型的不足,提出了一种改进ERBAC模型,使其授权更加灵活,安全性更高,并采用引入访问规则和模糊时间约束机制以及把系统模块和角色进行绑定的方法予以实现。访问规则和审计功能及模糊时间约束机制的引入能使安全性更高,把系统模块和角色进行绑定达到细粒度的访问控制。改进ERBAC模型的授权更加灵活,其安全性更高。
This article expounded the shortages of RBAC96 model in the aspects of the authorization, access rules, and finegrained access control in the practical application, and analysed the shortcomings of an extended role-based access control model ( ERBAC), which integrated the authorization of users and roles, presented a new expansion mode to make the authorization more flexible and the security more secure. And it introduced access rules and fuzzy time constraint mechanism and the role of system modules and method of binding system modules and the role achieve the goals. Access rules and audit function and fuzzy time constraint mechanism make higher security, it could by binding system modules and the role to achieve finegrained access. ERBAC model to make the authority more flexible and its security is more secure.
出处
《计算机应用研究》
CSCD
北大核心
2009年第10期3929-3932,3937,共5页
Application Research of Computers
基金
重庆市自然科学基金资助项目(CSTC2006BB2369)