期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于角色的访问控制理论研究 被引量:15

Theoretical Research on Role Based Access Control
在线阅读 下载PDF
导出
摘要 主要进行信息系统安全中基于角色的访问控制理论研究。首先对角色的关系进行扩展,引入了扩展角色、主体角色继承和扩展主体角色继承层次等概念,并证明了扩展主体角色继承具有偏序关系性质;然后对基于角色的访问控制模型进行扩展,引入客体角色概念,并给出了扩展客体角色的继承层次关系是一偏序关系的证明。为建立类似于传统RBAC(基于角色的访问控制模型)结构的新系统提供了手段。特别是在网格计算环境中存在着虚拟组织结构和跨域认证与操作,采用扩展角色与角色控制域概念可以体现这样的特征,为深入研究网格环境下的安全访问控制理论打下基础。最后讨论了进一步研究的问题。 This paper focuses on the theory of role based access control ( RBAC ). First, it extends the role definition by introducing extended role, subject role hierarchy and extended subject role hierarchy. It proves that extended subject role hierarchy is a partial ordering. Then it describes an object role and gives a proof of the property of the partial ordering of the object role. Based on the system defined in this paper, we could set up a new RBAC mechanism, particularly for grid environment with virtual organization. Finally, it gives some remarks and conclusions.
作者 杨庚 沈剑刚 容淳铭
机构地区 南京邮电大学数理学院 南京邮电大学计算机学院 Stavanger大学电子与计算机工程系
出处 《南京邮电大学学报(自然科学版)》 EI 2006年第3期1-8,共8页 Journal of Nanjing University of Posts and Telecommunications:Natural Science Edition
基金 江苏省自然科学基金重点预研项目(BK2004218) 江苏省自然科学基金(BK2003106) 南京邮电大学'攀登计划'(05KJD520144)资助项目
关键词 网络安全 访问控制 网格安全 Network security Access control Grid security
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献21

  • 1LAMPSON B W. Protection of Information System[ C]//Proc 5th Princeton Conference on Information Sciences and Systems. Princeton, 1971:437 -447.
  • 2CONWAY R W, MAXWELL W L, MORGAN H L. On the implementation of security measures in information systems[J]. Communications of the ACM, 1972,15 (4) :211 - 220.
  • 3DENNING D E. A Lattice Model of Secure Information Flow [ J ].Communications of the ACM, 1976,19 (5) :236 - 243.
  • 4SANDHU R, COYNE E J, FEINSTEIN H L, et al Role-based access control models[J] IEEE Computer, 1996,29 (2) :38 -47.
  • 5SANDHU S. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline[C]//Proceedings of the second ACM workshop on Role-based access control. November 1997:41 - 50.
  • 6MOYER M J, ABAMAD M. Generalized Role-Based Access Control [ C ]//Proceedings of 21 st International Conference on Distributed Computing Systems. April 2001:391 -398.
  • 7MOFFETT J D. Control Principles and Role Hierarchies[ C]//Proceedings of the 3rd ACM Workshop on Role-Based Access Control(RBAC'98). 1998:91-101
  • 8JOSHI J B D, BERTINO E, GHAFOOR A. Hybrid role hierarchy for generalized temporal role based access control model[ C]//Proceedings of 26th Annum International Conference on Computer Software and Applications(COMPSAC 2002). 2002:951 -956.
  • 9SANDHU R, BHAM1D1PAT 1. Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation[J]. Journal of Computer Security, 1999(7) : 43 -58.
  • 10SIMON R T, ZURKO M E. Separation of duty in role-based environments[ C ]//Proceedings of 10th Computer Security Foundations Workshop. 1997:183 - 194.

二级参考文献9

  • 1R S Sandhu, E J Coync, H L Fcinstcin et al. Role-based access control model. IEEE Computer, 1996, 29(2): 38-47.
  • 2R Sandhu, D Ferraiolo, R Kuhn. The NIST model for role-based access control: Towards a unified standard. In: Proe of the 5th ACM Workshop on Role Based Access Control. Berlin, Germany: ACM Press, 2000. 47-63.
  • 3K Izaki, K Tanaka, M Takizawa. Access control model in obiectoriented systems. In: Proc of the 7th Int'l Conf on Parallel and Distributed Systems: Workshops. Iwate, Japan: IEEE Computer Society, 2000. 69-74.
  • 4M J Moyer, M Ahamad. Generalized role-based access control. In: Proc of the 21st Int'l Conf on Distributed Computing Systems. Phoenix: IEEE Computer Society, 2001. 391-398.
  • 5D Ferraiolo, R Sandhu, S Gavrila et al. A proposed standard for role-based access control. NIST. 2000. http://csrc. hist. gov/rbae/.
  • 6D K Gifford, P Jouvelot, M A Sheldon et al. The research file systems. In: Proc of the 12th ACM SIGOPS Symposium on Operating Systems Principles. Pacific Grove, CA: ACM Press,1991. 16-25.
  • 7乔颖,须德,戴国忠.一种基于角色访问控制(RBAC)的新模型及其实现机制[J].计算机研究与发展,2000,37(1):37-44. 被引量:75
  • 8訾小超,张绍莲,茅兵,谢立.访问控制技术的研究和进展[J].计算机科学,2001,28(7):26-28. 被引量:15
  • 9徐志伟,李伟.织女星网格的体系结构研究[J].计算机研究与发展,2002,39(8):923-929. 被引量:125

共引文献44

同被引文献105

引证文献15

二级引证文献48

南京邮电大学学报(自然科学版)
2006年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部