首页 | 本学科首页   官方微博 | 高级检索  
     

基于角色的访问控制模型的扩充和实现机制研究
引用本文:薛伟,怀进鹏.基于角色的访问控制模型的扩充和实现机制研究[J].计算机研究与发展,2003,40(11):1635-1642.
作者姓名:薛伟  怀进鹏
作者单位:北京航空航天大学计算机学院,北京,100083
基金项目:国家“八六三”高技术研究发展计划项目(2001AA110485,2001AA10233,2001AA144150),国家自然科学基金(60073006)
摘    要:同传统的自由访问控制(DAC)和强制访问控制(MAC)相比,基于角色的访问控制(RBAC)代表了在灵活性和控制粒度上的一个重大进步.为了促进RBAC的研究和应用,美国国家技术与标准局提出了RBAC建议标准.然而,该标准仅支持一种约束,即职责分离约束.提出了一个经过扩展的I出AC标准——e-RBAC,增加了对广泛使用的势约束的直接支持.提出了一个面向对象的RBAC系统实现框架,该框架可部分起到API标准的作用.在此框架之下实现了一个通用的RBAC核心功能模块act-RBAC.

关 键 词:基于角色的访问控制  安全策略  势约束  API  实现框架

Research on Extension and Implementation Mechanism for Role-Based Access Control
XUE Wei and HUAI Jin-Peng.Research on Extension and Implementation Mechanism for Role-Based Access Control[J].Journal of Computer Research and Development,2003,40(11):1635-1642.
Authors:XUE Wei and HUAI Jin-Peng
Abstract:Role-based access control (RBAC) represents an important advancement in flexibility and granularity of control from the classical discretionary and mandatory access control. To accelerate the research and application of RBAC, NIST in USA has proposed a standard for it. But the standard supports only one constraint type, namely separation of duty. An extended RBAC standard that directly supports the widely used cardinality constraint, e-RBAC, is proposed. An object-oriented implementation framework for RBAC system is proposed and can be used as an API standard. A general core functional module for RBAC systems is implemented with respect to the proposed framework.
Keywords:role-based access control ( RBAC)  security policy  cardinality constraint  API  implementation framework  
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号