摘要
中国墙策略的目的是防止在有竞争关系的企业间访问信息导致的利益冲突.著名的中国策略模型包括Brewer等人提出的BN模型和Sandhu提出的基于格访问控制模型实施的中国墙模型.然而这些模型都存在严重的缺陷:灵活性不够或者实施不方便.RBAC是目前主流的访问控制模型,该模型的特点是策略中立.基于RBAC模型全面研究了实施中国墙策略及其各种变种策略的方法,利用角色体系和RBAC的约束机制,给出了具体的构造方法,讨论了这些构造中约束的形式化描述方法.与传统的中国墙模型相比,更加灵活,并可在支持RBAC的系统中直接实施.
The purpose of Chinese Wall policy is to prevent conflict of interest between competing companies. The BN model proposed by Brewer and Nash, and the lattice-based interpretation of Chinese Wall policy proposed by Sandhu are two examples of the Chinese Wall policy models. However, these models are severely restricted and awkward to implement. RBAC is a prevalent model with policy- neutrality. This paper makes a thoroughly research on how to configure RBAC to enforce Chinese Wall policy and its variations. Based on role hierarchies and RBAC constraints, the detailed configurations are presented and the constraints in the configurations are formalized. Compared with traditional models, schemes are more flexible and can be directly enforced in systems supporting the RBAC model.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2007年第4期615-622,共8页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2004AA147070)
国家自然科学基金项目(90304007
60373048)
北京交通大学科技基金项目(2007RC004)
