| 混合RBAC-DTE策略的多角色管理 |
| |
| 引用本文: | 唐柳英,卿斯汉.混合RBAC-DTE策略的多角色管理[J].计算机学报,2006,29(8):1419-1426. |
| |
| 作者姓名: | 唐柳英 卿斯汉 |
| |
| 作者单位: | 1. 中国科学院软件研究所基础软件国家工程研究中心,北京,100080;中国科学院软件研究所信息安全技术工程研究中心,北京,100080;中国科学院研究生院,北京,100049
2. 中国科学院软件研究所信息安全技术工程研究中心,北京,100080;北京中科安胜信息技术有限公司,北京,100086;中国科学院研究生院,北京,100049 |
| |
| 基金项目: | 北京市自然科学基金;国家自然科学基金;国家重点基础研究发展计划(973计划) |
| |
| 摘 要: | 混合的基于角色访问控制-域型增强(RBAC-DTE)访问控制模型因其不同层次的保护机制近年来颇受关注,但是尚未见到公开的文献讨论混合RBAC-DTE策略中的多角色管理问题.因此,从特权层面和访问许可权层面上,提出了一种角色划分粒度比域划分粒度粗的角色和域的划分方法,并引入域的静态继承关系.这种混合RBAC-DTE策略的多角色管理方法解决了不同域的进程共享访问许可权集、控制策略代码尺寸的问题,特别是它可以充分支持极小特权原则.
|
| 关 键 词: | 安全策略 混合RBAC-DTE访问控制模型 极小特权原则 多角色管理 Capability机制 |
| 收稿时间: | 2006-03-31 |
| 修稿时间: | 2006-03-312006-06-02 |
Administration of Multiple Roles in the Hybrid RBAC-DTE Policy |
| |
| TANG Liu-Ying,QING Si-Han.Administration of Multiple Roles in the Hybrid RBAC-DTE Policy[J].Chinese Journal of Computers,2006,29(8):1419-1426. |
| |
| Authors: | TANG Liu-Ying QING Si-Han |
| |
| Affiliation: | 1.National Engineering Research Center for Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100080;2.Engineering Research Center for Information Security Technology, Institute of Software, Chinese Academy of Sciences, Beijing 100080;3.Beijing ZhongkeAnsheng Corporation of Information Technology, Beijing 100086;4.Graduate University of Chinese Academy of Sciences, Beijing 100049 |
| |
| Abstract: | The hybrid Role Based Access Control-Domain and Type Enforcement (RBAC-DTE) access control model has recently been given much attention due to its different level of protect mechanisms. But no published literature has discussed administration of multiple roles in the hybrid RBAC-DTE policy. From the aspect of privilege and access right, this paper proposes an approach to dividing roles and domains that roles are more coarse-grained than domains, and introduces a static-inheritance relationship between domains. This method for multirole administration in the hybrid RBAC-DTE policy solves the problem of sharing access right set among processes in different domains and the problem of controlling policy code size, especially, supports the principle of least privilege sufficiently. |
| |
| Keywords: | security policy hybrid RBAC-DTE access control model principle of least privilege administration of multiple roles capability mechanism |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
