Abstract
Traditional RBAC access control models in cloud computing environments do not cope well with data-level permission management that is tightly coupled to business logic. To address this, and drawing on the configurability of rules in a rule engine, we propose a rule-engine-based data-level permission management model. The model treats all objects in the system as the fact base and uses backward reasoning to decide data-level permissions. It is currently used in a university teaching resource sharing system, and practical results show that it improves the system's ability to cope with changes in business logic, keeping cloud data secure while retaining a degree of flexibility.
Source
《湖北第二师范学院学报》
2014, Issue 2, pp. 31-34 (4 pages)
Journal of Hubei University of Education
Funding
Fujian Provincial Department of Education Class A Project (JA12391)
Keywords
cloud computing
rule engine
backward reasoning
role-based access control (RBAC)