Abstract
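A new role-based access control model is proposed that extends the typical RBAC model. Whereas the typical RBAC model abstracts only the security-relevant concepts of the access subject, the new model adds abstractions of the security-relevant concepts of the access object and the access transaction, which enhances the functionality of the RBAC model. The model is simple, flexible, expressive and highly usable, and is closer to the real world. After giving the formal definition of the model, the paper also analyzes and studies how to implement it, and designs a framework structure for the implementation and a monitor mechanism for role assignment.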
A new role-based access control model is proposed, which extends the traditional role-based access control (RBAC) model. Building on the traditional RBAC model's abstraction of the security-relevant properties of users, the new model adds abstractions of the security-relevant properties of objects and of accesses. Using the traditional concept of role, it incorporates these properties into the access decision and enhances RBAC's power and function. The characteristics of the new model include simplicity, flexibility, expressive power, and strong usability. It is also closer to the real world than the traditional RBAC model. After giving a formal definition of the new model, its implementation method is studied, and the structure of the model implementation, the monitor mechanism of role assignment, and the access decision policy are presented.
Source
《计算机研究与发展》
EI
CSCD
PKU Core (Peking University core journal list)
2003, Issue 10, pp. 1521-1528 (8 pages)
Journal of Computer Research and Development
Funding
National Natural Science Foundation of China (69884003)
Zhejiang Provincial Natural Science Foundation (600014)
Keywords
access control
security model
role