
A Solution to the Authorization Conflict Problem in Role Delegation Models (cited by: 2)

Role-based constrained delegation model and constraints specification
Abstract: Existing user-to-user role-based delegation models suffer from delegation conflicts. Based on the components of delegation, their properties, and constraint rules, this paper proposes a Role-based Constrained Delegation Model (RCDM) that satisfies the two security principles of least privilege and separation of duty, and gives the model's architecture and functional description. Against the background of this model, the paper presents a delegation constraints specification language, RDCL, together with its formal semantics. RDCL is shown to be equivalent to RFOPL, a strictly restricted form of first-order predicate logic, by means of a reduction algorithm and a construction algorithm, and the soundness and completeness of the language are discussed. Finally, the expressive power of RCDM is described using RDCL, and the delegation conflict problem is resolved well.
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal, 2008, No. 36, pp. 244-248 (5 pages)
Keywords: Role-Based Access Control (RBAC); delegation conflicts; constraint rules; Role-based Delegation Constraints Specification Language (RDCL); Restricted First-Order Predicate Logic (RFOPL)


