首页 | 本学科首页   官方微博 | 高级检索  
     

带周期时间特性的自主访问控制委托树模型
引用本文:石伟丞,谭良,周明天.带周期时间特性的自主访问控制委托树模型[J].计算机工程与应用,2011,47(6):93-98.
作者姓名:石伟丞  谭良  周明天
作者单位:1. 四川师范大学计算机学院,成都,610066
2. 四川师范大学计算机学院,成都610066;中国科学院计算技术研究所,北京100080
3. 电子科技大学计算机科学与工程学院,成都,610054
基金项目:四川省科技厅项目,四川省教育厅项目
摘    要:传统自主访问控制(DAC)不具有时间敏感性,也不支持权限委托策略,这使得DAC很难满足对时间敏感的需求,而且对授出权限使用的不可控也可能造成权限滥用而带来安全隐患。提出了带周期时间特性的自主访问控制委托树模型(PDACDTM)。PDACDTM不仅在DAC中引入了周期时间、访问持续时间、访问次数和时序依赖来限制主体对客体的访问,而且在权限委托方面提出了委托树模型。该委托树模型通过委托深度和委托广度来限制委托权限的传播,同时还支持复合权限委托。PDACDTM以树形结构刻画了委托权限的传播,使得委托关系的处理更为明确、完备,也更加灵活且易维护。

关 键 词:自主访问控制  周期限制  委托树
修稿时间: 

Delegation tree model for DAC with character of periodicity constraints
SHI Weicheng,TAN Liang,ZHOU Mingtian.Delegation tree model for DAC with character of periodicity constraints[J].Computer Engineering and Applications,2011,47(6):93-98.
Authors:SHI Weicheng  TAN Liang  ZHOU Mingtian
Affiliation:1.College of Computer,Sichuan Normal University,Chengdu 610066,China 2.Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100080,China 3.School of Computer Science & Engineering,University of Electronic Science & Technology of China,Chengdu 610054,China
Abstract:Traditional Discretionary Access Control(DAC) is not time-sensitive and doesn't support the policy of permission delegation yet, which makes DAC difficult to meet the demand of time-sensitivity, and the using of granted permission with out control would bring risk by permission abuse.Therefore, a delegation tree model for DAC with periodicity constraints and time characters (PDACDTM) is proposed in this paper.PDACDTM not only introduces periodic time, durative access time,visits and timing-dependent to restrict subject's accessing to object,but also puts forward a delegation tree model in permission delegation.The delegation tree model restricts the propagation of permission by depth and width,in addition it supports the delegation of complex permissions.PDACDTM uses the structure tree to depict the spread of delegation permissions,it makes the relationship of delegation clearer, more comprehensive,more flexible and easier to be maintained.
Keywords:discretionary access control  periodicity constraints  delegation tree
本文献已被 CNKI 维普 万方数据 等数据库收录!
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号