期刊文献+

基于认证可信度的用户权限控制技术研究 被引量:4

Research on User's Rights Control Technology Based on Authentication Trustworthiness
下载PDF
导出
摘要 认证可信度体现了用户身份的可信程度。本文基于用户认证可信度实施用户登录限制、用户角色获取限制及角色强制访问控制策略权限限制,提出了基于认证可信度的用户权限控制技术。将认证可信度与用户访问系统结合,要求用户访问系统必须具有相应的认证可信度,具有重要身份的用户必须通过重要的身份认证机制的认证。在角色定权中结合认证可信度,根据用户认证可信度确定用户可以激活的角色,确定角色被激活后的访问控制权限,并参与到各强制访问控制策略实施中,真正实现认证与访问授权的有机统一,解决权限的不当获取。最后指出了进一步研究的内容。 Authentication trustworthiness reflects the degree of trustworthiness of the user who has passed system authentication. Based on authentication trustworthiness, logging in is restricted, user's role and role's mandatory access control rights are restricted, and then the user's rights control technology is proposed. Combing authentication trustworthiness with accessing systems, it requests that the user must have some authentication trustworthiness when he wants to access a system, and the impor- tant user must pass an important identity authentication mechanism. Applying authentication trustwor- thiness to RBA(Role Based Authorization), it can decide which role can be activated by the user, and al- so can decide what rights can be activated by the active role of the user, and reflects on every mandatory access control policy, it implements the unification of authentication and access authorization, solves the problem of improper right obtaining. Finally, more contents to be studied are pointed out.
出处 《计算机工程与科学》 CSCD 北大核心 2011年第9期24-28,共5页 Computer Engineering & Science
关键词 认证可信度 强制访问控制 角色定权 访问授权 authentication trustworthiness mandatory access control ~ role based authorization accessauthorization
  • 相关文献

参考文献6

二级参考文献21

  • 1D E Bell,L J La Padula. Secure Computer System:Unified Exposition and Multics Interpretation[M].MTR-2997 Revl,Massachusetts,MITRE Corporation Bedford: 1976-03
  • 2Jung-Min Kang,Wook Shin,Chun-Gu et al. Extended BLP Security Model Based on Process Reliability for Secure Linux Kernel[C].In:IEEE 2001 Pacific Rim International Symposium,2001:299~303
  • 3IEEE/ANSI Draft Std. 1003. le,Draft Standard for Information Technology-POSIX Part 1: System API: Protection, Audit and Control Interface[S]. 1997.
  • 4Amon Ott. The Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension[A]. The 8th Int'1 Linux Kongress[C]. 2001.
  • 5Xie Huagang. Build a Secure System with LIDS[EB/OL].http://www.lids. org/document/build_lids-0.2. html, 2000-10.
  • 6R Watson, TrustedBSD: Adding Trusted Operating System Features to FreeBSD[A]. 2001 USENIX Annual Technical Conf[C]. 2OOl.
  • 7C Wright, C Cowan, S Smalley. Linux Security Modules:General Security Support for the Linux Kernel[A]. 11th USENIX Security Symp[C], 2002.
  • 8Curtis Anderson. xFS Attribute Manager Design[EB/OL].http://oss.sgi. com/projeets/xfs/design_does/xfsdoes93_pdf/attributes.pdf, 1993-10.
  • 9V Samar, R Schemers. Unified Login with Pluggable Authentication Modules(PAM)[EB/OL]. http://www.opengroup.org/tech/rfc/mirror-rfc/rfc86.0.txt, 1995-10.
  • 10V. Samar, C. Lai. Making login services independent of authentication technologies, http://java.sun.com/security/jaas/doc/pam. html, 1995.

共引文献8

同被引文献30

引证文献4

二级引证文献15

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部