摘要
传统访问控制中角色设置单一,使得系统适应性差、细粒度访问控制不足等。针对此问提出了一种基于信任度与属性的权限访问控制模型。模型改进了传统的用户角色权限分配策略,引入信任约束条件来控制用户角色分配,针对用户的恶意攻击和访问进行控制和过滤;引入属性对角色的有效权限分配实行进一步的约束。实例分析表明,基于信任度和属性的RBAC混合扩展访问控制模型不仅保留了RBAC授权访问的优势,还支持灵活、动态、细粒度的访问控制,可有效减少管理复杂度,为访问控制提供了一种新的解决方案。
Aiming at the problems of poor adaptability and insufficient fine-grained access control caused by single role setting in traditional role-based access control,an improved Role-Based Access Control(RBAC)model based on trust-degree and attribute is proposed.The model improves the traditional user-role-permission allocation strategy,trust constraints are applied to user-role assignment to control and the attacks and accesses of malicious users are filtered.Further constraints are imposed on the effective permission allocation of roles by introducing attributes.The analysis implies that the hybrid extended access control model based on trust and attributes for RBAC retains the advantages of RBAC authorized access,and supports flexible,dynamic and fine-grained access control,which can effectively reduce the complexity of management and provide a new solution for access control.
作者
王洪欣
苗丽娟
徐尚瑜
严冬
WANG Hong-xin;MIAO Li-juan;XU Shang-yu;YAN Dong(Jinling Institute of Technology,Nanjing 211169,China)
出处
《金陵科技学院学报》
2019年第4期15-19,共5页
Journal of Jinling Institute of Technology
基金
江苏省农业科技自主创新资金项目(CX17-2015)
南京市科技计划项目(201505055)
关键词
信任度
属性
权限分配
动态授权
授权规则
trust-degree
attribute
permission assignment
dynamic authorization
authorization strategy