RBAC模型中角色的继承与互斥问题的研究

RBAC (Role-Based Access Control)maps naturally to an organization's structure and facilitates safety administration by separating logically users and permissions via roles as well as constructing role hierarchies, and therefore RBAC offers a powerful means of specifying access control decisions and is attracting increasing attention. In role hierarchies of RBAC,superroles inherit all properties and permissions of subroles. This paper classifies role inheritance into two types : generalization inheritance and supervision inheritance . Furthermore, it outlines two problems in relation to role inheritance :one is how to maintain data integrity,another is how to reduce the effect of absent roles on the normal running of the system. At last ,this paper discusses solutions to them 。RBAC is attracting increasing attention as a security mechanism .Separation of duty is an important safety requirement which is implemented by means of mutual exclusion of roles in RBAC. This paper presents a basic RBAC model,then explores some properties of mutual exclusion of roles,which helps enforcing security policies efficiently. At last ,this paper describes how mutual exclusion of roles affects role hierarchies.

Research for Inheritance and Mutual Exclusion of Role in RBAC Model

RBAC (Role-Based Access Control) maps naturally to an organization's structure and facilitates safety administration by separating logically users and permissions via roles as well as constructing role hierarchies, and therefore RBAC offers a powerful means of specifying access control decisions and is attracting increasing attention. In role hierarchies of RBAC, superroles inherit all properties and permissions of subroles. This paper classifies role inheritance into two types : generalization inheritance and supervision inheritance . Furthermore, it outlines two problems in relation to role inheritance: one is how to maintain data integrity,another is how to reduce the effect of absent roles on the normal running of the system . At last,this paper discusses solutions to them . RBAC is attracting increasing attention as a security mechanism . Separation of duty is an important safety requirement which is implemented by means of mutual exclusion of roles in RBAC . This paper presents a basic RBAC model,then explores some properties of mutual exclusion of roles,which helps enforcing security policies efficiently. At last,this paper describes how mutual exclusion of roles affects role hierarchies.