摘要
空间数据库系统和基于移动用户位置的信息服务系统对访问控制模型具有特殊要求——用户地理位置的变化通常会引起用户权限的动态变化.提出一个支持空间特性的角色访问控制模型Spatial-RBAC,详细讨论了在空间环境下的空间区域约束、空间职责分离约束和空间角色激活基数约束.这些约束分别用来控制角色分配、角色状态改变、角色权限分配和角色激活等操作,给传统的基于角色的访问控制模型增加了空间安全描述能力.在安全空间数据库应用中,为了有效地标识用户地理位置的变化,避免不必要的计算,还给出了判断用户当前扮演的角色集的有效作用域的算法,提高了Spatial-RBAC模型的实用性.
Spatial database systems and location based services share a common access control requirement, i. e. , the same user will be assigned different access rights when this user moves into different spatial extent. The access permissions assigned to users are based on their present locations. The novel access control model is badly needed to cope with this scenario that the user's access rights are mutable. An access control model with spatial characteristics named as Spatial-RBAC is proposed. We study the main components of the model, such as spatial area constraints, separation of duties spatial constraint and spatial cardinality constraint of role activation. These constraints can control the assignment of roles, the change of role state, the assignment of privileges, the activation of roles and etc, which strengthen the security capability. In the model applications, we have developed some location iudging algorithms to identify effectively the change of the user locations and improve the practicability of Spatial-RBAC.
出处
《计算机辅助设计与图形学学报》
EI
CSCD
北大核心
2008年第10期1374-1382,共9页
Journal of Computer-Aided Design & Computer Graphics
基金
国家自然科学基金(60603041
60773049)
江苏省自然科学基金(BK2006073)
江苏大学高级人才启动基金(07JDG031)
