| 引入属性和分组概念的ARBAC扩展模型 |
| |
| 引用本文: | 徐兰芳,王飞.引入属性和分组概念的ARBAC扩展模型[J].计算机仿真,2007,24(1):124-126. |
| |
| 作者姓名: | 徐兰芳 王飞 |
| |
| 作者单位: | 华中科技大学,计算机科学与技术学院信息安全系,湖北,武汉,430074 |
| |
| 摘 要: | 通过考察基于角色的访问控制RBAC模型,提出了一个实用的扩展模型.扩展模型主要引入属性和分组的概念,将具有相同角色的用户定义为一个组,按用户组指派相应的角色.并对权限和属性分组,按组为角色指派相应的属性和权限,解决了原模型在用户指派时不易表达对用户特征的限制.实体分为用户组、权限组、属性组等,简化了对RBAC系统中大量实体的管理,减轻了安全管理员进行用户指派、权限指派和属性指派时的工作量,增强了实用性.扩展模型中的实体与面向对象的编程方法OOP中的概念存在对应关系,软件开发人员很容易理解和实现.
|
| 关 键 词: | 基于角色的访问控制 属性 属性指派 分组 属性指派 分组 扩展模型 Group Feature Model 易理 软件开发人员 对应关系 存在 面向对象的编程方法 增强 工作量 管理员 安全 的管理 系统 简化 权限组 实体 |
| 文章编号: | 1006-9348(2007)01-0124-03 |
| 修稿时间: | 2005-11-22 |
An Extended Model of ARBAC with Feature and Group Concepts |
| |
| XU Lan-fang,WANG Fei.An Extended Model of ARBAC with Feature and Group Concepts[J].Computer Simulation,2007,24(1):124-126. |
| |
| Authors: | XU Lan-fang WANG Fei |
| |
| Abstract: | This paper presents a practical extended model through discussing Role-based Access Control model.The extended model mainly introduces the concepts of Feature and Group.Users with same features are formed into a group,to which roles are assigned.Permissions and features are also grouped.They are assigned to roles. It solves the problem that user's characters are difficult to be expressed in user assignment in original model.Entities are divided into user groups,permission groups and feature groups etc.It eases the management to a large number of entities in RBAC system and reduces the workload of security administrator in user assignment,permission assignment and feature assignment.It also enhances the practicability.The entities in the extended model have some corresponding concepts in Object-Oriented Programming methodology.It is easy to be understood and implemented by software engineers. |
| |
| Keywords: | Role-based access control Feature Feature assignment Group |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
