摘要
访问控制是信息安全领域的重要问题之一;目前,基于角色的访问控制模型(RBAC)已被广泛接受,并成为领域专家学者研究的热点;职责分割(SoD)是RBAC的重要方面,它为增强高层次的组织安全策略提供了强大的机制,RBAC职责分割定义给出了各种职责分割约束的具体内容;针对不同的职责分割需求,各种基于角色的访问控制职责分割约束实现模型不断出现;根据应用系统的实际需求选择合适的访问控制模型必须了解各种模型的特点,该文通过分析RBAC中不同SoD模型的特点,指出其适用范围。
Access control is an important content in the field of information security.At present ,the model of Role-Based Access Control(RBAC)has been widely accepted and has becoming the hotspot of related experts and scholars.Separation of Duty(SoD)is an important aspect of RBAC and is a powerful mechanism to enforce high-level security policy of an organization.The specific contents of constraints in each kind of SoDs are given by the definitions of SoDs in RBAC.Variant realization models of SoDs in RBAC have been emerged to satisfy different requirements on SoDs.To select a suitable access control model according to the real requirements in an application system,the advantages of each model must be carefully analysised.In this paper,the advantages of variant SoD models in RBAC are analysised and the suitable application fields of those models are pointed out.
出处
《计算机工程与应用》
CSCD
北大核心
2005年第2期112-115,190,共5页
Computer Engineering and Applications
基金
国家"十五"科技攻关计划(编号:2001BA105A1006)
