期刊文献+

基于尺度的时空RBAC模型 被引量:20

A Role-Based Access Control Model Based on Space,Time and Scale
下载PDF
导出
摘要 空间技术的广泛应用,使得空间数据的安全日益重要.空间数据库的访问控制已经成为目前国内外研究的热点问题.现有的空间数据访问控制模型主要分为2大类:一类是对RBAC模型扩展,加入空间位置的判断,提供基于位置的服务,但这类模型缺乏对空间数据自身特性的分析;另一类是基于矢量数据或栅格数据提出的自主访问控制模型,这类模型分析了空间数据的特征,如几何表示、拓扑关系等,但是缺乏一个通用的模型.在传统RBAC模型中扩展了空间位置、时间和尺度等基本数据元素,提出基于尺度的时空RBAC模型(STS-RBAC).通过在角色激活中加入位置和时间的约束条件,增加了空间信息使用的安全性;针对矢量数据和栅格数据定义尺度的概念,增强了访问控制策略的表达能力;同时定义操作集、尺度和空间对象间的关系,使得相关授权信息具有更为简单的表达形式和自动推导特性,减少了重复存储和访问次数,提高了权限判定效率. With the development of space technology, people pay more and more attention to the use of space data. Space data cannot be accessed without any restriction. So the access control models of space data are becoming more and more important. This is also a hot spot in current research in the world. Presented in this paper is an STS RBAC model, which is an improvement of traditional RBAC model. STS-RBAC model is based on the spatial database operations and it includes the attributes of space, time and scale. It can also be used in vector data and raster data. This model can manage the problems of multi-scale spatial objects as well. Scale, as is all known, is a basic element in the security of spatial data such as time and space. STS-RBAC model focuses on the special character of spatial data, and introduces role hierarchies based on the constraints of position and time, which guarantees the reliability in spatial database access. STS-RBAC model also defines the transmissibility and partial order in permissions, which makes it possible that authorizations can be inferred from others. This decreases the time and space when spatial database is accessed. With the help of STS- RBAC model, it is possible to access spatial data more efficiently and securely.
出处 《计算机研究与发展》 EI CSCD 北大核心 2010年第7期1252-1260,共9页 Journal of Computer Research and Development
基金 国家“八六三”高技术研究发展计划基金项目(2007AA120404,2007AA120405,2007AA01Z475) 国家自然科学基金项目(60603017)
关键词 空间数据 访问控制 RBAC 空间 时间 多尺度 spatial data access control RBAC space time multi-scale
  • 相关文献

参考文献19

  • 1De Cola L.Multiresolution covariation among Landsat and AVHRR vegetation indices[M] //Scale in Remote Sensing and GIS.Boca Raton,FL:CRC Press,1997:73-91.
  • 2Rhys Blakely in Mumbai.Google Earth accused of aiding terrorists[EB/OL].[2008-12-09].http://www.cnbeta.com/articles/71154.htm.
  • 3Sandhu R S,Coyne E J,Feinstein H L,et al.Role-based access control models[J].Computer,1996,29(2):38-47.
  • 4Atluri V,Mazzoleni P.A uniform indexing scheme for geo-spatial data and authorizations[C] //Proc of the 12th Annual ACM Int Workshop on Geographic Information Systems.New York:ACM,2002:207-218.
  • 5Chun S A,Atluri V.Protecting privacy from continuous high-resolution satellite surveillance[C] //Proc of the IFIP TC11/WG11.3 14th Annual Working Conf on Database Security:Data and Application Security.Development and Directions.Berlin:Springer,2000:233-244.
  • 6Atluri V,Guo Q.STAR-Tree:An index structure for efficient evaluation of spatiotemporal authorizations[C] //Proc of IFIP TC11/WG 11.3 18th Annual Conf on Data and Applications Security.Dordrecht:Kluwer Academic,2004:31-47.
  • 7Belussi A,Bertino E,CataniaB,et al.An authorization model for geographical maps[C] //Proc of the 12th Annual ACM Int Workshop on Geographic Information Systems.New York:ACM,2004:82-91.
  • 8Bertino E,Damiani M L,Momini D.An access control system for a Web map management service[C] //Proc of the 14th Int Workshop on Research Issues on Data Engineering:Web Services for E-Commerce and E-Government Applications.Washington:DC:IEEE Computer Society,2004:33-39.
  • 9Damiani M L,Bertino E,Catania B,et al.GEO-RBAC:A spatially aware RBAC[J].ACM Trans on Information and System Security,2007,(10):1-42.
  • 10Damiani M L,Bertino E,Silvestri C.Spatial domains for the administration of location-based access control policies[J].Journal of Network and Systems Management,2008,16(3):277-302.

二级参考文献55

  • 1Xu Z, Feng DG, Li L, Chen H. UC-RBAC: A usage constrained role-base access control model. In: Qing SH, Gollmann D, Zhou JY, eds. Proc. of the 5th Int'l Conf. on Information and Communications Security. LNCS 2836, Heidelberg: Springer-Verlag, 2003.337-347.
  • 2Gasser M, McDermott E. An architecture for practical delegation in a distributed system. In: Cooper D, Lunt T, eds. Proc. of the1990 IEEE Computer Society Symp. on Research in Security and Privacy. Oakland: IEEE Computer Society Press, 1990. 20-30.
  • 3Gladny HM. Access control for large collections. ACM Trans. on Information Systems, 1997,15(2):154-194.
  • 4Moffett JD, Sloman MS. The source ofauthority for commercial access control. IEEE Computer, 1988,21(2):59-69.
  • 5Nagaratnam N, Lea D. Practical delegation for secure distributed object environments. Distributed Systems Engineering, 1998,5(4):168-178.
  • 6Bandmann O, Dam M, Firozabadi BS. Constrained delegation. In: Proc. of thc 23rd Annual IEEE Symp. on Security and Privacy.Oakland: IEEE Computer Society Press, 2002. 131-143. http://csdl.computer.org/comp/proceedings/sp/2002/1543/00/15430131abs.htm
  • 7Niezette M, Stevenne J. An efficient symbolic representation of periodic time. In: Finin TW, Nicholas CK, Yesha Y, eds. Proc. of the 1st Int'l Conf. on Information and Knowledge Management. LNCS 752, Springer-Verlag, 1992.
  • 8Ferriaolo D, Cugini J,Kuhn R. Role-Based access control (RBAC): Features and motivations. In: Proc. of the 11th Annual Computer Security Application Conf. New Orleans: IEEE Computer Society Press, 1995. 241-248. http://csrc.nist.gov/rbac/ferraiolo-cugini-kuhn-95.pdf
  • 9Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-Based access control models. IEEE Computer, 1996,29(2):38-47.
  • 10Sandhu RS. Rationale for the RBAC96 family of access control models. In: Youman C, Sandhu R, Coyne E, eds. Proc. of the 1 st ACM Workshop on Role-Based Access Control. New York: ACM Press, 1996.

共引文献71

同被引文献156

引证文献20

二级引证文献279

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部