dRBAC模型的安全分析

Towards Security Analysis of the dRBAC Model

下载PDF

导出

摘要 dRBAC模型是适应于动态结盟环境的分布式信任管理和访问控制机制,具有第三方委托、值属性和证书预定等三个特征.但dRBAC模型存在一些不足,体现在以下几个方面:委托的深度没有控制;委托链的循环搜索;角色的隐式提升;职责分离原则的违背等.本文针对dRBAC模型存在的问题进行了详细的讨论,提出了合理的解决方案,提高了dRBAC模型的安全性和实用性. The dRBAC model is a scalable, decentralized trust-management and access-control mechanism for systems that span multiple administrative domains. The dRBAC model supports three feathers., third-party delegations, valued attributes, credential subscription. However, there are some limitations of the dRBAC model, which represent the following issues： no control on the depth of delegation, circular search for delegation chain, covert promotion of role, violating separation of duty. In this paper, these issues are discussed in detail, and reasonable resolutions of these issues are proposed in order to improve the security and practicability of the dRBAC model.

作者廖俊国洪帆杨秋伟张昭理

机构地区华中科技大学计算机科学与技术学院

出处《小型微型计算机系统》 CSCD 北大核心 2007年第7期1177-1180,共4页 Journal of Chinese Computer Systems

基金国家自科基金项目(60403027)资助湖南教育厅基金(03C500)资助.

关键词 dRBAC模型委托深度委托链角色隐式提升职责分离 dRBAC model depth of delegation delegation chain covert promotion of role separation of duty

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献9

1Eric Freudenthal,Tracy Pesin,Lawrence Port,et al.dRBAC:distributed role-based access control for dynamic coalition environments[C].In:Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS'02),July 2002,411-434.
2Ravi S Sandhu,Edward J Coyne,Hal L Feinstein,et al.Role-based access control models[J].IEEE Computer,1996,29 (2):38-47.
3Li Ning-hui,William H Winsborough,John C Mitchell.Distributed credential chain discovery in trust management[J].Journal of Computer Security,2003,11 (1):35-86
4Ellison C,Frantz B,et al.SPKI certificate theory[R].RFC 2693:http://www.faqs.org/rfcs/rfc27693.html,1999.
5Matt Blaze,John Feigenbaum,Jack Lacy.Decentralized trust management[C].In:Proceedings of the 1996 IEEE Symposium on Security and Privacy.Washington:IEEE Computer Society Press,1996.164-173
6Matt Blaze,John Feigenbaum,John Ioannidis,et al.The key note trust-management version 2[S].RFC 2704:http://www.faqs.org/rfcs/rfc2704.html,1999.
7Li Ning-hui,John C.Mitchell,William H Winsborough.Design of a role-based trust-management framework[C].In:Proceeding of the 2002 IEEE Symposium on Security and Privacy,2002.114-130.
8Ferraiolo D F,Sandhu R S,Gavrila S,et al.Proposed NIST standard for role-based access control[J].ACM Transaction on Information and Systems Security,2001,4(3):224-274.
9Li Ning-hui,Ziad Bizri,Mahesh V.Tripunitara.On mutuallyexclusive roles and separation of duty[C].In:Proceeding of the 11th Conference on Computer and Communications Security,2004.New York:ACM Press,42-51.

1张昭理,洪帆,廖俊国.分布式环境下用证书实现dRBAC[J].计算机工程与科学,2007,29(6):14-17.
2高迎,战疆.P2P环境下基于信任度的可控委托信任管理模型[J].计算机应用,2009,29(9):2332-2335. 被引量：2
3朱重,吴国新.分布式信任管理体系结构研究与实现[J].计算机应用与软件,2011,28(4):105-108. 被引量：2
4王电化,尹绍宏.基于RBAC的分布式协同环境下的访问控制策略[J].仪器仪表用户,2005,12(5):88-89. 被引量：1
5欧杰泉,官金兰,王霞.应用层多播中基于动态RBAC的权限管理研究[J].佛山科学技术学院学报（自然科学版）,2009,27(2):36-39.
6孙家民,史天予,王旭辉.多Agent分级动态联盟合作机制[J].数字技术与应用,2017,35(1):112-112. 被引量：1
7曲英伟,郑广海.基于分布式信任管理的多Agent系统安全结构[J].信息安全与通信保密,2006,28(5):119-121.
8郝晓晓,张卫丰.一种基于时间域和信任度的分布式证书链搜索算法[J].计算机系统应用,2010,19(2):139-142. 被引量：1
9刘一田.电子商务中的安全委托模型研究[J].计算机安全,2009(12):72-74.
10李订芳,章文,牛艳庆.基于粗糙集的缺失数据循环搜索重建算法[J].武汉大学学报（信息科学版）,2005,30(11):1016-1019.

小型微型计算机系统

2007年第7期

浏览历史

内容加载中请稍等...

dRBAC模型的安全分析

参考文献9

相关作者

相关机构

相关主题

浏览历史